Bug 5654 - passwords may not have a length of 32*n-2
Summary: passwords may not have a length of 32*n-2
Status: CLOSED FIXED
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Web Access (show other bugs)
Version: pre-1.0
Hardware: PC Unknown
: P2 Normal
Target Milestone: 4.5.0
Assignee: Pierre Ossman
URL:
Keywords: hean01_tester, relnotes
Depends on:
Blocks:
 
Reported: 2015-09-24 15:48 CEST by Pierre Ossman
Modified: 2015-09-28 12:21 CEST (History)
2 users (show)

See Also:
Acceptance Criteria:

Attachments
Test pamtester password lengths. (937 bytes, application/x-shellscript)
2015-09-28 09:34 CEST, Henrik Andersson 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Description Pierre Ossman cendio 2015-09-24 15:48:52 CEST 
More poor buffer management in the same theme as bug 5212. Any password with 32*n-2 characters in it will just hang. E.g. 30, 62 or 94 characters.

The problem is that it fails to handle the case when the buffer was just big enough to contain the response. It will then assume it needs to read more, which of course never happens.
Comment 4 Henrik Andersson cendio 2015-09-28 09:34:36 CEST 
Created attachment 649 [details]
Test pamtester password lengths.

Wrote a script to test password lengths using pamtester.
Comment 5 Henrik Andersson cendio 2015-09-28 09:37:31 CEST 
Ran the test script against ThinLinc 4.4.0 and it hung at 30, 62, 94, 126...

Updated ThinLinc to build 4898 and reran the script, it stalls on length 511 which i assume is another internal buffer constraint in pamtester due to any length >= 511 will hang pamtester.
Comment 6 Henrik Andersson cendio 2015-09-28 09:59:59 CEST 
(In reply to comment #5)
> Ran the test script against ThinLinc 4.4.0 and it hung at 30, 62, 94, 126...
> 
> Updated ThinLinc to build 4898 and reran the script, it stalls on length 511
> which i assume is another internal buffer constraint in pamtester due to any
> length >= 511 will hang pamtester.

Created bug 5658 for this issue.
Comment 7 Henrik Andersson cendio 2015-09-28 10:00:30 CEST 
Closing due to it works good as loon password is <=511 characters.
Note You need to log in before you can comment on or make changes to this bug.