www.cendio.com
Bug 5654 - passwords may not have a length of 32*n-2
: passwords may not have a length of 32*n-2
Status: CLOSED FIXED
: ThinLinc
Web Access
: pre-1.0
: PC Unknown
: P2 Normal
: 4.5.0
Assigned To:
:
:
:
:
  Show dependency treegraph
 
Reported: 2015-09-24 15:48 by
Modified: 2015-09-28 12:21 (History)
Acceptance Criteria:


Attachments
Test pamtester password lengths. (937 bytes, application/x-shellscript)
2015-09-28 09:34, Henrik Andersson
Details


Note

You need to log in before you can comment on or make changes to this bug.


Description From cendio 2015-09-24 15:48:52
More poor buffer management in the same theme as bug 5212. Any password with
32*n-2 characters in it will just hang. E.g. 30, 62 or 94 characters.

The problem is that it fails to handle the case when the buffer was just big
enough to contain the response. It will then assume it needs to read more,
which of course never happens.
------- Comment #4 From cendio 2015-09-28 09:34:36 -------
Created an attachment (id=649) [details]
Test pamtester password lengths.

Wrote a script to test password lengths using pamtester.
------- Comment #5 From cendio 2015-09-28 09:37:31 -------
Ran the test script against ThinLinc 4.4.0 and it hung at 30, 62, 94, 126...

Updated ThinLinc to build 4898 and reran the script, it stalls on length 511
which i assume is another internal buffer constraint in pamtester due to any
length >= 511 will hang pamtester.
------- Comment #6 From cendio 2015-09-28 09:59:59 -------
(In reply to comment #5)
> Ran the test script against ThinLinc 4.4.0 and it hung at 30, 62, 94, 126...
> 
> Updated ThinLinc to build 4898 and reran the script, it stalls on length 511
> which i assume is another internal buffer constraint in pamtester due to any
> length >= 511 will hang pamtester.

Created bug 5658 for this issue.
------- Comment #7 From cendio 2015-09-28 10:00:30 -------
Closing due to it works good as loon password is <=511 characters.