View Issue Details

ID: 0004017
Project: unreal
Category: installing
View Status: public
Last Update: 2011-06-06 05:05
Reporter: ohnobinki
Assigned To: ohnobinki
Priority: low
Severity: minor
Reproducibility: have not tried
Status: resolved
Resolution: fixed
Product Version: 3.2.9-RC1
Target Version:
Fixed in Version: 3.2.9-RC2
Summary: 0004017: ./unreal gencloak can produce invalid cloak keys
Description: Unrealircd requires that every cloak key used have at least one lowercase alphabetic character, one uppercase alphabetic character, and one number. kvant and coobra found out that ./unreal gencloak (./ircd -k) can produce an invalid cloak key.

I think that unrealircd's cloak generator function

1. should produce longer keys (which will reduce the likeliness of this rare case happening). The fact that enough of the generated keys (see Steps to Reproduce) do not fit unrealircd's own criteria for strength suggests that the current length is lower than would be ideal
2. should automatically reject keys which don't fit its own requirements, possibly testing them with the same functions which parse a user's key in s_conf.c.

Another option might be to test users' cloak keys with cracklib or something(?)
Steps To Reproduce: This can be easily reproduced with the following script where you fix ``./src/ircd'' to point to your ircd binary:

$ i=0; while ! ./src/ircd -k 2>&1 | grep -v -e ' ' | grep -e '^[^A-Z0-9]*$' -e '^[^a-z0-9]*$' -e '^[a-zA-Z]*$'; do i=$((i+1)); done; echo $i

I get outputs such as:

ohnobinki@ohnopublishing ~/unreal.1 $ i=0; while ! ./src/ircd -k 2>&1 | grep -v -e ' ' | grep -e '^[^A-Z0-9]*$' -e '^[^a-z0-9]*$' -e '^[a-zA-Z]*$'; do i=$((i+1)); done; echo $i
TcQOxtSnDSO
129
ohnobinki@ohnopublishing ~/unreal.1 $ i=0; while ! ./src/ircd -k 2>&1 | grep -v -e ' ' | grep -e '^[^A-Z0-9]*$' -e '^[^a-z0-9]*$' -e '^[a-zA-Z]*$'; do i=$((i+1)); done; echo $i
KIoIvnRNrv
10
ohnobinki@ohnopublishing ~/unreal.1 $ i=0; while ! ./src/ircd -k 2>&1 | grep -v -e ' ' | grep -e '^[^A-Z0-9]*$' -e '^[^a-z0-9]*$' -e '^[a-zA-Z]*$'; do i=$((i+1)); done; echo $i
mWCEBsNtuIn
273

Thus, though the happenstance is unlikely it still does happen ;-).
Tags: No tags attached.
3rd party modules

Relationships

child of 0003776 (resolved, syzop): Unreal3.2.9 TODO
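
The second proposal in the description (have the generator reject keys that fail the server's own rule), sketched as an added example; this is not code from the report, the attached patch, or UnrealIRCd. The function names, the 62-character alphabet, /dev/urandom as the random source and the key length are assumptions made for the example.

```c
#include <ctype.h>
#include <stdio.h>

/* Rule quoted in the report: at least one lowercase letter, one uppercase
 * letter and one digit. Function names here are hypothetical. */
static int cloak_key_ok(const char *key)
{
    int lower = 0, upper = 0, digit = 0;
    for (; *key; key++) {
        unsigned char c = (unsigned char)*key;
        lower |= islower(c) != 0;
        upper |= isupper(c) != 0;
        digit |= isdigit(c) != 0;
    }
    return lower && upper && digit;
}

/* Fill buf with len characters of [a-zA-Z0-9] taken from /dev/urandom and
 * redraw the whole key until cloak_key_ok() accepts it. 0 on success. */
static int gen_cloak_key(char *buf, size_t len)
{
    static const char alphabet[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    FILE *rng;
    int rc = -1;
    if (len < 3 || !(rng = fopen("/dev/urandom", "rb")))
        return -1;   /* too short for the rule, or no random source */
    do {
        size_t i = 0;
        while (i < len) {
            int b = fgetc(rng);
            if (b == EOF)
                goto out;
            if (b < 248)    /* 248 = 4 * 62; larger bytes would bias b % 62 */
                buf[i++] = alphabet[b % 62];
        }
        buf[len] = '\0';
    } while (!cloak_key_ok(buf));
    rc = 0;
out:
    fclose(rng);
    return rc;
}

int main(void)
{
    char key[33];   /* 32 characters: a length chosen for this example */
    return gen_cloak_key(key, 32) == 0 && puts(key) >= 0 ? 0 : 1;
}
```

Running the validator over the three keys shown in Steps To Reproduce rejects all of them, since none contains a digit.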

Activities

ohnobinki

2011-04-03 06:46

reporter  

unreal-4017-generate-good-cloakkeys.patch (1,865 bytes)

ohnobinki

2011-04-03 06:47

reporter   ~0016635

unreal-4017-generate-good-cloakkeys.patch: Without this patch, those bash loops I ran could find cloak keys which unrealircd would reject within a second. With this patch, it appears impossible... and I even let one of those loops run for a minute with no results just to be sure ;-).

May I commit?

syzop

2011-06-05 21:12

administrator   ~0016658

Yup, looks good, so go ahead.

ohnobinki

2011-06-06 05:05

reporter   ~0016663

Committed as http://hg.unrealircd.org/hg/unreal/rev/c92bc477b0bf, thanks for the approval ;-).

Issue History

Date Modified Username Field Change
2011-03-28 21:05 ohnobinki New Issue
2011-03-28 21:05 ohnobinki Status new => assigned
2011-03-28 21:05 ohnobinki Assigned To => ohnobinki
2011-03-29 20:08 syzop Relationship added child of 0003776
2011-04-03 06:46 ohnobinki File Added: unreal-4017-generate-good-cloakkeys.patch
2011-04-03 06:47 ohnobinki Note Added: 0016635
2011-06-05 21:12 syzop Note Added: 0016658
2011-06-06 05:05 ohnobinki Note Added: 0016663
2011-06-06 05:05 ohnobinki Status assigned => resolved
2011-06-06 05:05 ohnobinki Fixed in Version => 3.2.9-RC2
2011-06-06 05:05 ohnobinki Resolution open => fixed