fedora 24
crypto weakness #281
Weakness Breakdown
Definition:
This weakness involves creating non-standard or non-tested algorithms, using weak algorithms or applying cryptographic algorithms incorrectly. Algorithms that were once considered safe are commonly later found to be unsafe, as the algorithms were broken.
Warning code(s):
The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment.
File Name:
grive2-ae06eccb38b2fe250c9ddeac3e3973f80b8a0aa9/libgrive/src/base/Resource.cc
Context:
The highlighted line of code below is the trigger point of this particular Fedora 24 crypto weakness.
m_json = &state;
// root folder is always in sync
if ( !IsRoot() )
{
fs::path path = Path() ;
bool is_dir;
os::Stat( path, &m_ctime, NULL, &is_dir ) ;
m_name = path.filename().string() ;
m_kind = is_dir ? "folder" : "file";
bool is_changed;
if ( state.Has( "ctime" ) && (u64_t) m_ctime.Sec() <= state["ctime"].U64() &&
( is_dir || state.Has( "md5" ) ) )
{
if ( !is_dir )
m_md5 = state["md5"];
is_changed = false;
}
else
{
if ( !is_dir )
{
m_md5 = crypt::MD5::Get( path );
// File is changed locally. TODO: Detect conflicts
is_changed = !state.Has( "md5" ) || m_md5 != state["md5"].Str();
}
else
is_changed = true;
}
if ( state.Has( "srv_time" ) )
m_mtime.Assign( state[ "srv_time" ].U64(), 0 ) ;
// Upload file if it is changed and remove if not.
// State will be updated to sync/remote_changed in FromRemote()
m_state = is_changed ? local_new : remote_deleted;
if ( m_state == local_new )
{
// local_new means this file is changed in local.
// this means we can't delete any of its parents.
// make sure their state is also set to local_new.
Resource *p = m_parent;
while ( p && p->m_state == remote_deleted )
{
p->m_state = local_new;
p = p->m_parent;
}
}
} 
