[cracklib] make the simplistic check and the purging of special characters much
Tomáš Mráz
tmraz at fedoraproject.org
Tue Sep 3 06:00:31 UTC 2013
commit d8d736852f9a8d0cc98fa65cf2bd0c2048975da7
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date: Tue Sep 3 08:00:17 2013 +0200
make the simplistic check and the purging of special characters much
less aggressive (#1003624, #985378)
cracklib-2.9.0-simplistic.patch | 94 +++++++++++++++++++++++++++++++++++++++
cracklib.spec | 8 +++-
2 files changed, 101 insertions(+), 1 deletions(-)
---
diff --git a/cracklib-2.9.0-simplistic.patch b/cracklib-2.9.0-simplistic.patch
new file mode 100644
index 0000000..2d529eb
--- /dev/null
+++ b/cracklib-2.9.0-simplistic.patch
@@ -0,0 +1,94 @@
+diff -up cracklib-2.9.0/lib/fascist.c.simplistic cracklib-2.9.0/lib/fascist.c
+--- cracklib-2.9.0/lib/fascist.c.simplistic 2013-09-03 07:45:55.369653537 +0200
++++ cracklib-2.9.0/lib/fascist.c 2013-09-03 07:48:58.686759120 +0200
+@@ -55,7 +55,6 @@ static char *r_destructors[] = {
+
+ "/?p@?p", /* purging out punctuation/symbols/junk */
+ "/?s@?s",
+- "/?X@?X",
+
+ /* attempt reverse engineering of password strings */
+
+@@ -454,6 +453,12 @@ GTry(rawtext, password)
+ continue;
+ }
+
++ if (len - strlen(mp) >= 3)
++ {
++ /* purged too much */
++ continue;
++ }
++
+ #ifdef DEBUG
+ printf("%-16s = %-16s (destruct %s)\n", mp, rawtext, r_destructors[i]);
+ #endif
+@@ -480,6 +485,12 @@ GTry(rawtext, password)
+ continue;
+ }
+
++ if (len - strlen(mp) >= 3)
++ {
++ /* purged too much */
++ continue;
++ }
++
+ #ifdef DEBUG
+ printf("%-16s = %-16s (construct %s)\n", mp, password, r_constructors[i]);
+ #endif
+@@ -699,6 +710,7 @@ FascistLookUser(PWDICT *pwp, char *instr
+ char rpassword[STRINGSIZE];
+ char area[STRINGSIZE];
+ uint32_t notfound;
++ int len;
+
+ notfound = PW_WORDS(pwp);
+ /* already truncated if from FascistCheck() */
+@@ -748,6 +760,7 @@ FascistLookUser(PWDICT *pwp, char *instr
+ return _("it is all whitespace");
+ }
+
++ len = strlen(password);
+ i = 0;
+ ptr = password;
+ while (ptr[0] && ptr[1])
+@@ -759,10 +772,9 @@ FascistLookUser(PWDICT *pwp, char *instr
+ ptr++;
+ }
+
+- /* Change by Ben Karsin from ITS at University of Hawaii at Manoa. Static MAXSTEP
+- would generate many false positives for long passwords. */
+- maxrepeat = 3+(0.09*strlen(password));
+- if (i > maxrepeat)
++ /* We were still generating false positives for long passwords.
++ Just count systematic double as a single character. */
++ if (len - i < MINLEN)
+ {
+ return _("it is too simplistic/systematic");
+ }
+@@ -795,6 +807,12 @@ FascistLookUser(PWDICT *pwp, char *instr
+ continue;
+ }
+
++ if (len - strlen(a) >= 3)
++ {
++ /* purged too much */
++ continue;
++ }
++
+ #ifdef DEBUG
+ printf("%-16s (dict)\n", a);
+ #endif
+@@ -815,6 +833,13 @@ FascistLookUser(PWDICT *pwp, char *instr
+ {
+ continue;
+ }
++
++ if (len - strlen(a) >= 3)
++ {
++ /* purged too much */
++ continue;
++ }
++
+ #ifdef DEBUG
+ printf("%-16s (reversed dict)\n", a);
+ #endif
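Review bot: The new guard `if (len - strlen(mp) >= 3)` in GTry's destruct loop subtracts a `size_t` from an `int`, so the arithmetic is done unsigned and wraps whenever the mangled candidate is longer than the original password; the condition then reads as true and the candidate is skipped as "purged too much" rather than looked up, which would matter in the construct loop if any r_constructors rule lengthens the string (those rules are not visible here). The same comparison is repeated in the construct loop and in both the dict and reversed-dict loops of FascistLookUser (`len - strlen(a) >= 3`). Expressing the test without a subtraction avoids the wrap and the -Wsign-compare warning: `if ((size_t)len >= strlen(mp) + 3)` and, in FascistLookUser, `if ((size_t)len >= strlen(a) + 3)`. Only FascistLookUser's `int len` declaration is in the hunk; GTry's `len` is declared outside it, so confirm it holds the untruncated input length there as well.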
diff --git a/cracklib.spec b/cracklib.spec
index 9688d9e..7c263d1 100644
--- a/cracklib.spec
+++ b/cracklib.spec
@@ -5,7 +5,7 @@
Summary: A password-checking library
Name: cracklib
Version: 2.9.0
-Release: 4%{?dist}
+Release: 5%{?dist}
Group: System Environment/Libraries
Source0: http://prdownloads.sourceforge.net/cracklib/cracklib-%{version}.tar.gz
@@ -57,6 +57,7 @@ Patch2: cracklib-2.9.0-python-gzdicts.patch
Patch3: cracklib-2.9.0-packlib-lookup.patch
Patch4: cracklib-2.9.0-packlib-reentrant.patch
Patch5: cracklib-2.9.0-packlib-gztype.patch
+Patch6: cracklib-2.9.0-simplistic.patch
URL: http://sourceforge.net/projects/cracklib/
License: LGPLv2+
Buildroot: %{_tmppath}/%{name}-%{version}-root
@@ -130,6 +131,7 @@ install -p -m 644 %{SOURCE3} po/zh_CN.po
%patch3 -p1 -b .lookup
%patch4 -p1 -b .reentrant
%patch5 -p1 -b .gztype
+%patch6 -p1 -b .simplistic
autoreconf -f -i
mkdir cracklib-dicts
@@ -256,6 +258,10 @@ EOF
%{_libdir}/../lib/python*/site-packages/*.py*
%changelog
+* Tue Sep 3 2013 Tomáš Mráz <tmraz at redhat.com> - 2.9.0-5
+- make the simplistic check and the purging of special characters much
+ less aggressive (#1003624, #985378)
+
* Wed Aug 28 2013 Tomáš Mráz <tmraz at redhat.com> - 2.9.0-4
- revert compression of the dictionaries as the performance penalty is too big