Fedora 24
crypto weakness #296

4

Weakness Breakdown


Definition:

This weakness involves creating non-standard or untested algorithms, using weak algorithms, or applying cryptographic algorithms incorrectly. Algorithms once considered safe are often later broken and found to be unsafe.

Warning code(s):

The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment.

File Name:

crossfire-server-1.71.0/server/server.c

Context:

The highlighted line of code below is the trigger point of this particular Fedora 24 crypto weakness.

 * @param salt
 * salt to crypt with.
 * @return
 * crypted str.
 * @todo make thread-safe?
 */
const char *crypt_string(const char *str, const char *salt) {
#if defined(WIN32) || (defined(__FreeBSD__) && !defined(HAVE_LIBDES))
    return(str);
#else
    static const char *const c = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";
    char s[2];

    if (salt == NULL)
        s[0] = c[RANDOM()%(int)strlen(c)],
        s[1] = c[RANDOM()%(int)strlen(c)];
    else
        s[0] = salt[0],
        s[1] = salt[1];

#  ifdef HAVE_LIBDES
    return (char *)des_crypt(str, s);
#  endif
    /* Default case - just use crypt */
    return (char *)crypt(str, s);
#endif
}

/**
 * Check if 2 passwords match.
 *
 * @param typed
 * entered password. Not crypted.
 * @param crypted
 * password to check against. Must be crypted.
 * @return
 * 1 if the passwords match, 0 else.
 */
int check_password(const char *typed, const char *crypted) {
    /* If crypted is an empty string, crypt_string() will return null, leading to issues with the strcmp. */
    if (strlen(crypted) == 0) {
        return strlen(typed) == 0 ? 1 : 0;
    }
    return !strcmp(crypt_string(typed, crypted), crypted);
}

/**
 * This is a basic little function to put the player back to his
 * savebed.  We do some error checking - its possible that the
 * savebed map may no longer exist, so we make sure the player 
