* grub-core/tests/legacy_password_test.c: New test.

* grub-core/commands/legacycfg.c: Remove variable length arrays.
This commit is contained in:
Vladimir Serbinenko 2013-11-12 02:38:33 +01:00
parent 9c6482b8d6
commit 15decd26cc
6 changed files with 114 additions and 16 deletions

View file

@ -1,3 +1,8 @@
2013-11-12 Vladimir Serbinenko <phcoder@gmail.com>
* grub-core/tests/legacy_password_test.c: New test.
* grub-core/commands/legacycfg.c: Remove variable length arrays.
2013-11-12 Vladimir Serbinenko <phcoder@gmail.com> 2013-11-12 Vladimir Serbinenko <phcoder@gmail.com>
* grub-core/lib/pbkdf2.c: Remove variable length arrays. * grub-core/lib/pbkdf2.c: Remove variable length arrays.

View file

@ -1921,6 +1921,11 @@ module = {
common = tests/pbkdf2_test.c; common = tests/pbkdf2_test.c;
}; };
module = {
name = legacy_password_test;
common = tests/legacy_password_test.c;
};
module = { module = {
name = div_test; name = div_test;
common = tests/div_test.c; common = tests/div_test.c;

View file

@ -553,8 +553,13 @@ check_password_md5_real (const char *entered,
grub_size_t enteredlen = grub_strlen (entered); grub_size_t enteredlen = grub_strlen (entered);
unsigned char alt_result[MD5_HASHLEN]; unsigned char alt_result[MD5_HASHLEN];
unsigned char *digest; unsigned char *digest;
grub_uint8_t ctx[GRUB_MD_MD5->contextsize]; grub_uint8_t *ctx;
grub_size_t i; grub_size_t i;
int ret;
ctx = grub_zalloc (GRUB_MD_MD5->contextsize);
if (!ctx)
return 0;
GRUB_MD_MD5->init (ctx); GRUB_MD_MD5->init (ctx);
GRUB_MD_MD5->write (ctx, entered, enteredlen); GRUB_MD_MD5->write (ctx, entered, enteredlen);
@ -600,7 +605,9 @@ check_password_md5_real (const char *entered,
GRUB_MD_MD5->final (ctx); GRUB_MD_MD5->final (ctx);
} }
return (grub_crypto_memcmp (digest, pw->hash, MD5_HASHLEN) == 0); ret = (grub_crypto_memcmp (digest, pw->hash, MD5_HASHLEN) == 0);
grub_free (ctx);
return ret;
} }
static grub_err_t static grub_err_t
@ -723,18 +730,11 @@ grub_cmd_legacy_password (struct grub_command *mycmd __attribute__ ((unused)),
NULL); NULL);
} }
static grub_err_t int
grub_cmd_legacy_check_password (struct grub_command *mycmd __attribute__ ((unused)), grub_legacy_check_md5_password (int argc, char **args,
int argc, char **args) char *entered)
{ {
struct legacy_md5_password *pw = NULL; struct legacy_md5_password *pw = NULL;
char entered[GRUB_AUTH_MAX_PASSLEN];
if (argc == 0)
return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument expected"));
grub_puts_ (N_("Enter password: "));
if (!grub_password_get (entered, GRUB_AUTH_MAX_PASSLEN))
return GRUB_ACCESS_DENIED;
if (args[0][0] != '-' || args[0][1] != '-') if (args[0][0] != '-' || args[0][1] != '-')
{ {
@ -743,17 +743,31 @@ grub_cmd_legacy_check_password (struct grub_command *mycmd __attribute__ ((unuse
grub_memset (correct, 0, sizeof (correct)); grub_memset (correct, 0, sizeof (correct));
grub_strncpy (correct, args[0], sizeof (correct)); grub_strncpy (correct, args[0], sizeof (correct));
if (grub_crypto_memcmp (entered, correct, GRUB_AUTH_MAX_PASSLEN) != 0) return grub_crypto_memcmp (entered, correct, GRUB_AUTH_MAX_PASSLEN) == 0;
return GRUB_ACCESS_DENIED;
return GRUB_ERR_NONE;
} }
pw = parse_legacy_md5 (argc, args); pw = parse_legacy_md5 (argc, args);
if (!pw) if (!pw)
return 0;
return check_password_md5_real (entered, pw);
}
static grub_err_t
grub_cmd_legacy_check_password (struct grub_command *mycmd __attribute__ ((unused)),
int argc, char **args)
{
char entered[GRUB_AUTH_MAX_PASSLEN];
if (argc == 0)
return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument expected"));
grub_puts_ (N_("Enter password: "));
if (!grub_password_get (entered, GRUB_AUTH_MAX_PASSLEN))
return GRUB_ACCESS_DENIED; return GRUB_ACCESS_DENIED;
if (!check_password_md5_real (entered, pw)) if (!grub_legacy_check_md5_password (argc, args,
entered))
return GRUB_ACCESS_DENIED; return GRUB_ACCESS_DENIED;
return GRUB_ERR_NONE; return GRUB_ERR_NONE;

View file

@ -0,0 +1,68 @@
/*
* GRUB -- GRand Unified Bootloader
* Copyright (C) 2013 Free Software Foundation, Inc.
*
* GRUB is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* GRUB is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with GRUB. If not, see <http://www.gnu.org/licenses/>.
*/
#include <grub/test.h>
#include <grub/dl.h>
#include <grub/misc.h>
#include <grub/crypto.h>
#include <grub/legacy_parse.h>
#include <grub/auth.h>
GRUB_MOD_LICENSE ("GPLv3+");
struct
{
char **args;
int argc;
char entered[GRUB_AUTH_MAX_PASSLEN];
int exp;
} vectors[] = {
{ (char * []) { (char *) "hello", NULL }, 1, "hello", 1 },
{ (char * []) { (char *) "hello", NULL }, 1, "hi", 0 },
{ (char * []) { (char *) "hello", NULL }, 1, "hillo", 0 },
{ (char * []) { (char *) "hello", NULL }, 1, "hellw", 0 },
{ (char * []) { (char *) "hello", NULL }, 1, "hell", 0 },
{ (char * []) { (char *) "hello", NULL }, 1, "h", 0 },
{ (char * []) { (char *) "--md5", (char *) "$1$maL$OKEF0PD2k6eQ0Po8u4Gjr/",
NULL }, 2, "hello", 1 },
{ (char * []) { (char *) "--md5", (char *) "$1$maL$OKEF0PD2k6eQ0Po8u4Gjr/",
NULL }, 2, "hell", 0 },
{ (char * []) { (char *) "--md5", (char *) "$1$naL$BaFO8zGgmss1E76GsrAec1",
NULL }, 2, "hello", 1 },
{ (char * []) { (char *) "--md5", (char *) "$1$naL$BaFO8zGgmss1E76GsrAec1",
NULL }, 2, "hell", 0 },
{ (char * []) { (char *) "--md5", (char *) "$1$oaL$eyrazuM7TkxVkKgBim1WH1",
NULL }, 2, "hi", 1 },
{ (char * []) { (char *) "--md5", (char *) "$1$oaL$eyrazuM7TkxVkKgBim1WH1",
NULL }, 2, "hello", 0 },
};
static void
legacy_password_test (void)
{
grub_size_t i;
for (i = 0; i < ARRAY_SIZE (vectors); i++)
grub_test_assert (grub_legacy_check_md5_password (vectors[i].argc,
vectors[i].args,
vectors[i].entered)
== vectors[i].exp, "Bad password check (%d)", (int) i);
}
/* Register example_test method as a functional test. */
GRUB_FUNCTIONAL_TEST (legacy_password_test, legacy_password_test);

View file

@ -61,6 +61,7 @@ grub_functional_all_tests (grub_extcmd_context_t ctxt __attribute__ ((unused)),
grub_dl_load ("div_test"); grub_dl_load ("div_test");
grub_dl_load ("xnu_uuid_test"); grub_dl_load ("xnu_uuid_test");
grub_dl_load ("pbkdf2_test"); grub_dl_load ("pbkdf2_test");
grub_dl_load ("legacy_password_test");
FOR_LIST_ELEMENTS (test, grub_test_list) FOR_LIST_ELEMENTS (test, grub_test_list)
ok = !grub_test_run (test) && ok; ok = !grub_test_run (test) && ok;

View file

@ -24,4 +24,9 @@
char *grub_legacy_parse (const char *buf, char **entryname, char **suffix); char *grub_legacy_parse (const char *buf, char **entryname, char **suffix);
char *grub_legacy_escape (const char *in, grub_size_t len); char *grub_legacy_escape (const char *in, grub_size_t len);
/* Entered has to be GRUB_AUTH_MAX_PASSLEN long, zero-padded. */
int
grub_legacy_check_md5_password (int argc, char **args,
char *entered);
#endif #endif