Merge lp:~rye/ubuntu/oneiric/gnome-keyring/fix-random-hash-iteration-count into lp:ubuntu/oneiric/gnome-keyring

Proposed by Roman Yepishev
Status: Merged
Merge reported by: Martin Pitt
Merged at revision: not available
Proposed branch: lp:~rye/ubuntu/oneiric/gnome-keyring/fix-random-hash-iteration-count
Merge into: lp:ubuntu/oneiric/gnome-keyring
Diff against target: 66 lines (+47/-0)
3 files modified
debian/changelog (+8/-0)
debian/patches/05_upstream_fix_random_hash_iteration_count.patch (+38/-0)
debian/patches/series (+1/-0)
To merge this branch: bzr merge lp:~rye/ubuntu/oneiric/gnome-keyring/fix-random-hash-iteration-count
Reviewer Review Type Date Requested Status
Ubuntu branches Pending
Review via email: mp+80901@code.launchpad.net

Description of the change

Cherry-pick patch from git: Use g_random_int_range() for pseudo-random hash iteration count.

130. By Roman Yepishev

Target to -proposed

Ken VanDine (ken-vandine) wrote :

Thanks for the patch, I just uploaded 3.2.2 to oneiric-proposed which includes this fix.

Sebastien Bacher (seb128) wrote :

Could you set the request to merged since that got uploaded? It targeted oneiric rather than oneiric-proposed, so that can't be done by somebody else.

Preview Diff

1=== modified file 'debian/changelog'
2--- debian/changelog 2011-09-26 08:59:56 +0000
3+++ debian/changelog 2011-11-01 14:11:25 +0000
4@@ -1,3 +1,11 @@
5+gnome-keyring (3.2.0-0ubuntu2) oneiric-proposed; urgency=low
6+
7+ * debian/patches/05_upstream_fix_random_hash_iteration_count.patch:
8+ cherry-pick patch from git: Use g_random_int_range() for pseudo-random
9+ hash iteration count. (LP: #874501)
10+
11+ -- Roman Yepishev <roman.yepishev@canonical.com> Tue, 01 Nov 2011 15:34:14 +0200
12+
13 gnome-keyring (3.2.0-0ubuntu1) oneiric; urgency=low
14
15 * New upstream release
16
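Review bot: The changelog entry describes the patch only as a cherry-pick from git; naming the upstream commit (71bdb5dc967ec99b3b2fe9d5994de7996b4142c5, which the patch header below carries) and the GNOME bug 662025 in the entry would make the SRU easier to trace later. It also does not mention that the fix changes the generated iteration range (see the patch hunk), which the -proposed reviewers will want to know about.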
17=== added file 'debian/patches/05_upstream_fix_random_hash_iteration_count.patch'
18--- debian/patches/05_upstream_fix_random_hash_iteration_count.patch 1970-01-01 00:00:00 +0000
19+++ debian/patches/05_upstream_fix_random_hash_iteration_count.patch 2011-11-01 14:11:25 +0000
20@@ -0,0 +1,38 @@
21+From 71bdb5dc967ec99b3b2fe9d5994de7996b4142c5 Mon Sep 17 00:00:00 2001
22+From: Stef Walter <stefw@collabora.co.uk>
23+Date: Mon, 24 Oct 2011 09:18:41 +0000
24+Subject: pkcs11: Use g_random_int_range() for pseudo-random hash iteration count
25+
26+ * Used when hashing passwords into symmetric keys
27+ * Previous solution was overflowing
28+
29+https://bugzilla.gnome.org/show_bug.cgi?id=662025
30+---
31+diff --git a/pkcs11/gkm/gkm-data-der.c b/pkcs11/gkm/gkm-data-der.c
32+index 8e60651..79bde94 100644
33+--- a/pkcs11/gkm/gkm-data-der.c
34++++ b/pkcs11/gkm/gkm-data-der.c
35+@@ -966,7 +966,7 @@ prepare_and_encode_pkcs8_cipher (GNode *asn, const gchar *password,
36+ g_return_val_if_reached (NULL);
37+
38+ /* Randomize some input for the password based secret */
39+- iterations = 1000 + (int) (1000.0 * rand () / (RAND_MAX + 1.0));
40++ iterations = g_random_int_range (1000, 4096);
41+ gcry_create_nonce (salt, sizeof (salt));
42+
43+ /* Allocate space for the key and iv */
44+diff --git a/pkcs11/secret-store/gkm-secret-binary.c b/pkcs11/secret-store/gkm-secret-binary.c
45+index 29cd9cd..9f6569e 100644
46+--- a/pkcs11/secret-store/gkm-secret-binary.c
47++++ b/pkcs11/secret-store/gkm-secret-binary.c
48+@@ -584,7 +584,7 @@ gkm_secret_binary_write (GkmSecretCollection *collection, GkmSecretData *sdata,
49+ egg_buffer_init_full (&buffer, 256, g_realloc);
50+
51+ /* Prepare the keyring for encryption */
52+- hash_iterations = 1000 + (int) (1000.0 * rand() / (RAND_MAX + 1.0));
53++ hash_iterations = g_random_int_range (1000, 4096);
54+ gcry_create_nonce (salt, sizeof (salt));
55+
56+ egg_buffer_append (&buffer, (guchar*)KEYRING_FILE_HEADER, KEYRING_FILE_HEADER_LEN);
57+--
58+cgit v0.9.0.2
59
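Review bot: Both replaced lines change behaviour beyond the stated overflow fix: the old expression produced a count in [1000, 2000), while g_random_int_range (1000, 4096) yields [1000, 4096), roughly doubling the worst-case cost of hashing the password into the symmetric key for both the PKCS#8 encoder and the binary keyring writer. That is acceptable for an iteration count (it only needs to vary, not to be secret, and the salt still comes from gcry_create_nonce in both hunks), but it should be called out explicitly in the changelog. Two housekeeping points on the patch file itself: the trailing `cgit v0.9.0.2` line after the `--` terminator is web-export residue that patch ignores but should be dropped, and a DEP-3 `Origin: upstream, commit:71bdb5dc967ec99b3b2fe9d5994de7996b4142c5` plus `Bug-Ubuntu: https://launchpad.net/bugs/874501` header would record provenance for the Ubuntu patch.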
60=== modified file 'debian/patches/series'
61--- debian/patches/series 2011-09-18 14:58:20 +0000
62+++ debian/patches/series 2011-11-01 14:11:25 +0000
63@@ -1,2 +1,3 @@
64 04_nodisplay_autostart.patch
65+05_upstream_fix_random_hash_iteration_count.patch
66 99_ltmain_as-needed.patch
