I have located the bug in /usr/src/contrib/smbfs/lib/smb/subr.c.

The printf(3C) calls have been added for debugging; the bug is the addition of 13 after crypting every char, which lets the mask used in the ^ operation exceed 256, i.e. more than one byte, if the string to be crypted is long enough. The two lines added:

    if (pos > 256)
        pos = pos-256;

fix this issue and the crypting/decrypting works fine; see below. I'll later file a PR and propose the patch.

    matthias

char *
smb_simplecrypt(char *dst, const char *src)
{
    int ch, pos;
    char *dp;

    printf("smb_simplecrypt(): pw: [%s]\n", src);    /* debugging output */
    if (dst == NULL) {
        dst = malloc(4 + 2 * strlen(src));
        if (dst == NULL)
            return NULL;
    }
    dp = dst;
    *dst++ = '$';
    *dst++ = '$';
    *dst++ = '1';
    pos = 27;
    while (*src) {
        ch = *src++;
        printf("ch [%c] --> ", ch);                  /* debugging output */
        if (isascii(ch))
            ch = (isupper(ch) ? ('A' + (ch - 'A' + 13) % 26) :
                  islower(ch) ? ('a' + (ch - 'a' + 13) % 26) : ch);
        ch ^= pos;
        pos += 13;
        if (pos > 256)                               /* the two added lines */
            pos = pos-256;
        sprintf(dst, "%02x", ch);
        printf("0x%02x next ^mask (pos): 0x%02x\n", ch, pos);
        dst += 2;
    }
    *dst = 0;
    return dp;
}

$ ./smbpw
smb_simplecrypt(): pw: [1234567890-1-1234567]
ch [1] --> 0x2a next ^mask (pos): 0x28
ch [2] --> 0x1a next ^mask (pos): 0x35
ch [3] --> 0x06 next ^mask (pos): 0x42
ch [4] --> 0x76 next ^mask (pos): 0x4f
ch [5] --> 0x7a next ^mask (pos): 0x5c
ch [6] --> 0x6a next ^mask (pos): 0x69
ch [7] --> 0x5e next ^mask (pos): 0x76
ch [8] --> 0x4e next ^mask (pos): 0x83
ch [9] --> 0xba next ^mask (pos): 0x90
ch [0] --> 0xa0 next ^mask (pos): 0x9d
ch [-] --> 0xb0 next ^mask (pos): 0xaa
ch [1] --> 0x9b next ^mask (pos): 0xb7
ch [-] --> 0x9a next ^mask (pos): 0xc4
ch [1] --> 0xf5 next ^mask (pos): 0xd1
ch [2] --> 0xe3 next ^mask (pos): 0xde
ch [3] --> 0xed next ^mask (pos): 0xeb
ch [4] --> 0xdf next ^mask (pos): 0xf8
ch [5] --> 0xcd next ^mask (pos): 0x05
ch [6] --> 0x33 next ^mask (pos): 0x12
ch [7] --> 0x25 next ^mask (pos): 0x1f
cp: [$$12a1a06767a6a5e4ebaa0b09b9af5e3eddfcd3325]
smb_simpledecrypt(): hash: [$$12a1a06767a6a5e4ebaa0b09b9af5e3eddfcd3325] gives clear [1234567890-1-1234567]

-- 
Matthias Apitz, ✉ guru_at_unixarea.de, ⌂ http://www.unixarea.de/ ☎ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
May 8, 1945: Who does not celebrate lost the War.
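
An added example, not part of the original message and not the FreeBSD source: it replays the mask sequence described above and reports the first character index whose XOR mask no longer fits in one byte, for the unwrapped mask, the wrap as posted, and a hypothetical `& 0xff` variant. All function and enum names here are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum mask_mode { NO_WRAP, WRAP_AS_POSTED, WRAP_TO_BYTE };

/* Advance the XOR mask by 13 under the chosen wrap rule. */
static int next_mask(int pos, enum mask_mode mode)
{
    pos += 13;
    if (mode == WRAP_AS_POSTED)
        return pos > 256 ? pos - 256 : pos;       /* the two lines from the post */
    return mode == WRAP_TO_BYTE ? (pos & 0xff) : pos; /* assumed variant / no wrap */
}

/* Index of the first of len characters whose mask exceeds 0xff, or -1. */
int first_wide_mask(enum mask_mode mode, int len)
{
    for (int i = 0, pos = 27; i < len; i++, pos = next_mask(pos, mode))
        if (pos > 0xff)
            return i;
    return -1;
}

/* Same transform as smb_simplecrypt(), into a caller-supplied buffer.
 * Returns -1 if the buffer is too small or a value needs three hex digits. */
int simplecrypt_checked(char *dst, size_t dstlen, const char *src, enum mask_mode mode)
{
    int pos = 27;
    size_t off = 3;
    if (dstlen < 4 + 2 * strlen(src))
        return -1;
    memcpy(dst, "$$1", 3);
    for (; *src; src++, off += 2, pos = next_mask(pos, mode)) {
        int ch = (unsigned char)*src;
        ch = isupper(ch) ? 'A' + (ch - 'A' + 13) % 26
           : islower(ch) ? 'a' + (ch - 'a' + 13) % 26 : ch;
        ch ^= pos;
        if (ch > 0xff)
            return -1;            /* "%02x" would print three digits here */
        snprintf(dst + off, 3, "%02x", ch);
    }
    dst[off] = '\0';
    return 0;
}

int main(void)
{
    printf("%d %d\n", first_wide_mask(NO_WRAP, 64), first_wide_mask(WRAP_AS_POSTED, 64));
    return 0;
}
```

With the wrap as posted, the mask reaches exactly 256 at character index 57, so only strings longer than 57 characters still produce a value wider than one byte.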