From fd64259e8ca1784adea3104941cb14125154a971 Mon Sep 17 00:00:00 2001
From: Conrad Meyer
Date: Nov 01 2011 20:52:05 +0000
Subject: Update chntpw to latest upstream (110511). Rhbz# 750005
---
diff --git a/.gitignore b/.gitignore
index 94616b3..d7701df 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 chntpw-source-080526.zip
+/chntpw-source-110511.zip
diff --git a/chntpw-080526-detect-failure-to-write-key.patch b/chntpw-080526-detect-failure-to-write-key.patch
deleted file mode 100644
index ea17219..0000000
--- a/chntpw-080526-detect-failure-to-write-key.patch
+++ /dev/null
@@ -1,77 +0,0 @@ -From jim@meyering.net Mon Jul 20 20:12:31 2009 -Return-Path: jim@meyering.net -X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on amd.home.annexia.org -X-Spam-Level: -X-Spam-Status: No, score=-2.2 required=5.0 tests=AWL,BAYES_00, - UNPARSEABLE_RELAY autolearn=ham version=3.2.5 -Received: from mail.corp.redhat.com [10.5.5.51] - by amd.home.annexia.org with IMAP (fetchmail-6.3.8) - for (single-drop); Mon, 20 Jul 2009 20:12:31 +0100 (BST) -Received: from zmta03.collab.prod.int.phx2.redhat.com (LHLO - zmta03.collab.prod.int.phx2.redhat.com) (10.5.5.33) by - mail06.corp.redhat.com with LMTP; Mon, 20 Jul 2009 15:12:17 -0400 (EDT) -Received: from localhost (localhost.localdomain [127.0.0.1]) - by zmta03.collab.prod.int.phx2.redhat.com (Postfix) with ESMTP id 3C1A04E4EC - for ; Mon, 20 Jul 2009 15:12:17 -0400 (EDT) -Received: from zmta03.collab.prod.int.phx2.redhat.com ([127.0.0.1]) - by localhost (zmta03.collab.prod.int.phx2.redhat.com [127.0.0.1]) (amavisd-new, port 10024) - with ESMTP id a+PpYwgPRjqW for ; - Mon, 20 Jul 2009 15:12:17 -0400 (EDT) -Received: from int-mx2.corp.redhat.com (int-mx2.corp.redhat.com [172.16.27.26]) - by zmta03.collab.prod.int.phx2.redhat.com (Postfix) with ESMTP id 130A44E4D6 - for ; Mon, 20 Jul 2009 15:12:17 -0400 (EDT) -Received: from ns3.rdu.redhat.com (ns3.rdu.redhat.com [10.11.255.199]) - by int-mx2.corp.redhat.com (8.13.1/8.13.1) with ESMTP id n6KJCGMZ001977 - for ; Mon, 20 Jul 2009 15:12:16 -0400 -Received: from mx.meyering.net (sebastian-int.corp.redhat.com [172.16.52.221]) - by ns3.rdu.redhat.com (8.13.8/8.13.8) with ESMTP id n6KJCF82022169 - for ; Mon, 20 Jul 2009 15:12:15 -0400 -Received: by rho.meyering.net (Acme Bit-Twister, from userid 1000) - id 36C5D38154; Mon, 20 Jul 2009 21:12:15 +0200 (CEST) -From: Jim Meyering -To: "Richard W. M. 
Jones" -Subject: chntpw [PATCH] detect/diagnose failure to write key -Date: Mon, 20 Jul 2009 21:12:15 +0200 -Message-ID: <873a8r88z4.fsf@meyering.net> -MIME-Version: 1.0 -Content-Type: text/plain; charset=us-ascii -X-Scanned-By: MIMEDefang 2.58 on 172.16.27.26 -Status: RO -Content-Length: 938 -Lines: 34 - -Hi Rich, here's another. - ->From 057c832cf924cabf887e59d1c1f2127cd4619572 Mon Sep 17 00:00:00 2001 -From: Jim Meyering -Date: Mon, 20 Jul 2009 15:09:26 -0400 -Subject: [PATCH] detect/diagnose failure to write key - -* ntreg.c (export_key): Detect stream write failure. ---- - ntreg.c | 9 ++++++++- - 1 files changed, 8 insertions(+), 1 deletions(-) - -diff --git a/ntreg.c b/ntreg.c -index 21cd3e3..cdb6503 100644 ---- a/ntreg.c -+++ b/ntreg.c -@@ -2735,7 +2735,14 @@ void export_key(struct hive *hdesc, int nkofs, char *name, char *filename, char - fprintf(file, "Windows Registry Editor Version 5.00\r\n\r\n"); - export_subkey(hdesc, nkofs, name, prefix, file); - -- fclose(file); -+ if (ferror (file)) { -+ printf("failed to write file '%s'\n", filename); -+ fclose (file); -+ return; -+ } -+ if (fclose(file)) -+ printf("failed to write file '%s': %s\n", filename, -+ strerror(errno)); - } - - --- -1.6.2.5 - diff --git a/chntpw-080526-get_abs_path.patch b/chntpw-080526-get_abs_path.patch deleted file mode 100644 index 4a754cd..0000000 --- a/chntpw-080526-get_abs_path.patch +++ /dev/null 
@@ -1,29 +0,0 @@ -diff -ur chntpw-080526/ntreg.c chntpw-080526.get_abs_path/ntreg.c ---- chntpw-080526/ntreg.c 2009-06-08 14:32:00.000000000 +0100 -+++ chntpw-080526.get_abs_path/ntreg.c 2009-06-08 14:30:08.000000000 +0100 -@@ -1193,7 +1193,7 @@ - { - /* int newnkofs; */ - struct nk_key *key; -- char tmp[ABSPATHLEN+1]; -+ char tmp[ABSPATHLEN]; - - maxlen = (maxlen < ABSPATHLEN ? maxlen : ABSPATHLEN); - -@@ -1209,6 +1209,7 @@ - } - - strncpy(tmp,path,ABSPATHLEN-1); -+ tmp[ABSPATHLEN-1] = '\0'; - - if ( (strlen(path) + key->len_name) >= maxlen-6) { - snprintf(path,maxlen,"(...)%s",tmp); -@@ -1216,7 +1217,7 @@ - } - *path = '\\'; - memcpy(path+1,key->keyname,key->len_name); -- strncpy(path+key->len_name+1,tmp,maxlen); -+ strcpy(path+key->len_name+1,tmp); - return(get_abs_path(hdesc, key->ofs_parent+0x1004, path, maxlen)); /* go back one more */ - } - diff --git a/chntpw-080526-keyname-overflow.patch b/chntpw-080526-keyname-overflow.patch deleted file mode 100644 index 345a4cf..0000000 --- a/chntpw-080526-keyname-overflow.patch +++ /dev/null @@ -1,22 +0,0 @@ -diff -ur chntpw-080526/ntreg.c chntpw-080526.keyname/ntreg.c ---- chntpw-080526/ntreg.c 2008-05-26 20:59:44.000000000 +0100 -+++ chntpw-080526.keyname/ntreg.c 2009-06-08 12:00:00.000000000 +0100 -@@ -2607,7 +2607,6 @@ - int count = 0; - int countri = 0; - int len, byte; -- char keyname[128]; - char path[1024]; - char *value; - struct nk_key *key; -@@ -2626,10 +2625,6 @@ - - // get the key - key = (struct nk_key *)(hdesc->buffer + nkofs); -- strncpy(keyname, key->keyname, key->len_name); -- keyname[key->len_name] = '\0'; -- printf("Exporting key '%s' with %d subkeys and %d values...\n", -- keyname, key->no_subkeys, key->no_values); - - *path = 0; - get_abs_path(hdesc, nkofs, path, 1024); diff --git a/chntpw-080526-no-value.patch b/chntpw-080526-no-value.patch deleted file mode 100644 index 5bb2048..0000000 --- a/chntpw-080526-no-value.patch +++ /dev/null 
@@ -1,41 +0,0 @@ -diff -ur chntpw-080526/ntreg.c chntpw-080526.novalue/ntreg.c ---- chntpw-080526/ntreg.c 2009-06-08 14:44:09.000000000 +0100 -+++ chntpw-080526.novalue/ntreg.c 2009-06-08 14:43:48.000000000 +0100 -@@ -2667,21 +2667,23 @@ - value = (char *)get_val_data(hdesc, nkofs, vex.name, vex.type, TPF_VK_EXACT); - len = get_val_len(hdesc, nkofs, vex.name, TPF_VK_EXACT); - -- if (vex.type == REG_BINARY) { -- fprintf(file, "\"%s\"=hex:", vex.name); -- } else { -- fprintf(file, "\"%s\"=hex(%x):", vex.name, vex.type); -- } -- byte = 0; -- while (byte < len) { /* go byte by byte.. probably slow.. */ -- fprintf(file, "%02x,", (unsigned char)value[byte]); -- byte++; -- if (!(byte % 20)) fprintf(file, "\\\r\n "); -- } -- fprintf(file, "%02x\r\n", (unsigned char)value[byte]); -- } -+ if (value && len >= 0) { -+ if (vex.type == REG_BINARY) { -+ fprintf(file, "\"%s\"=hex:", vex.name); -+ } else { -+ fprintf(file, "\"%s\"=hex(%x):", vex.name, vex.type); -+ } -+ byte = 0; -+ while (byte < len) { /* go byte by byte.. probably slow.. */ -+ fprintf(file, "%02x,", (unsigned char)value[byte]); -+ byte++; -+ if (!(byte % 20)) fprintf(file, "\\\r\n "); -+ } -+ fprintf(file, "%02x\r\n", (unsigned char)value[byte]); - -- FREE(vex.name); -+ FREE(vex.name); -+ } -+ } - } - } - diff --git a/chntpw-080526-port-to-gcrypt-debian.patch b/chntpw-080526-port-to-gcrypt-debian.patch deleted file mode 100644 index 217341d..0000000 --- a/chntpw-080526-port-to-gcrypt-debian.patch +++ /dev/null 
@@ -1,201 +0,0 @@ -Original patch from Debian: -http://patch-tracking.debian.net/patch/series/view/chntpw/0.99.5-0+nmu1/01_port_to_gcrypt.patch - -Written by Paul Wise. - -Ported to Fedora build by Richard W.M. Jones. - -Also compiles the program as 64 bit. I see no reason why the '-m32' -flag was supplied. Building on 64 bit produces a working program -as far as I can tell. - -diff -ur chntpw-080526.orig/chntpw.c chntpw-080526.gcrypt/chntpw.c ---- chntpw-080526.orig/chntpw.c 2008-05-26 20:59:44.000000000 +0100 -+++ chntpw-080526.gcrypt/chntpw.c 2009-06-09 12:39:58.037690367 +0100 -@@ -61,12 +61,19 @@ - #include - #include - -+#if defined(USEOPENSSL) - #include - #include --#define uchar u_char - #define MD4Init MD4_Init - #define MD4Update MD4_Update - #define MD4Final MD4_Final -+#elif defined(USELIBGCRYPT) -+ #include -+#else -+ #error No DES encryption and MD4 hashing library found -+#endif -+ -+#define uchar u_char - - #include "ntreg.h" - #include "sam.h" -@@ -138,7 +145,9 @@ - for (i=0;i<8;i++) { - key[i] = (key[i]<<1); - } -+#if defined(USEOPENSSL) - DES_set_odd_parity((des_cblock *)key); -+#endif - } - - /* -@@ -183,6 +192,7 @@ - - void E1(uchar *k, uchar *d, uchar *out) - { -+#if defined(USEOPENSSL) - des_key_schedule ks; - des_cblock deskey; - -@@ -193,6 +203,15 @@ - des_set_key((des_cblock *)deskey,ks); - #endif /* __FreeBsd__ */ - des_ecb_encrypt((des_cblock *)d,(des_cblock *)out, ks, DES_ENCRYPT); -+#elif defined(USELIBGCRYPT) -+ gcry_cipher_hd_t ks; -+ uchar deskey[8]; -+ str_to_key(k,deskey); -+ gcry_cipher_open(&ks, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0); -+ gcry_cipher_setkey(ks, deskey, 8); -+ gcry_cipher_encrypt(ks, out, 8, d, 8); -+ gcry_cipher_close(ks); -+#endif - } - - -@@ -500,10 +519,18 @@ - int dontchange = 0; - struct user_V *v; - -+#ifdef USEOPENSSL - des_key_schedule ks1, ks2; - des_cblock deskey1, deskey2; - - MD4_CTX context; -+#elif defined(USELIBGCRYPT) -+ gcry_cipher_hd_t ks1, ks2; -+ uchar deskey1[8], deskey2[8]; -+ -+ 
unsigned char *p; -+ gcry_md_hd_t context; -+#endif - unsigned char digest[16]; - unsigned short acb; - -@@ -617,6 +644,7 @@ - hexprnt("Crypted LM pw: ",(unsigned char *)(vp+lmpw_offs),16); - } - -+#if defined(USEOPENSSL) - /* Get the two decrpt keys. */ - sid_to_key1(rid,(unsigned char *)deskey1); - des_set_key((des_cblock *)deskey1,ks1); -@@ -634,6 +662,25 @@ - (des_cblock *)lanman, ks1, DES_DECRYPT); - des_ecb_encrypt((des_cblock *)(vp+lmpw_offs + 8), - (des_cblock *)&lanman[8], ks2, DES_DECRYPT); -+#elif defined(USELIBGCRYPT) -+ /* Start the keys */ -+ gcry_cipher_open(&ks1, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0); -+ gcry_cipher_open(&ks2, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0); -+ -+ /* Get the two decrpt keys. */ -+ sid_to_key1(rid,deskey1); -+ gcry_cipher_setkey(ks1, deskey1, 8); -+ sid_to_key2(rid,deskey2); -+ gcry_cipher_setkey(ks2, deskey2, 8); -+ -+ /* Decrypt the NT md4 password hash as two 8 byte blocks. */ -+ gcry_cipher_decrypt(ks1, md4, 8, vp+ntpw_offs, 8); -+ gcry_cipher_decrypt(ks2, &md4[8], 8, vp+ntpw_offs+8, 8); -+ -+ /* Decrypt the lanman password hash as two 8 byte blocks. 
*/ -+ gcry_cipher_decrypt(ks1, lanman, 8, vp+lmpw_offs, 8); -+ gcry_cipher_decrypt(ks2, &lanman[8], 8, vp+lmpw_offs+8, 8); -+#endif - - if (gverbose) { - hexprnt("MD4 hash : ",(unsigned char *)md4,16); -@@ -689,9 +736,17 @@ - - /* printf("Ucase Lanman: %s\n",newlanpw); */ - -+#if defined(USEOPENSSL) - MD4Init (&context); - MD4Update (&context, newunipw, pl<<1); - MD4Final (digest, &context); -+#elif defined(USELIBGCRYPT) -+ gcry_md_open(&context, GCRY_MD_MD4, 0); -+ gcry_md_write(context, newunipw, pl<<1); -+ p = gcry_md_read(context, GCRY_MD_MD4); -+ if(p) memcpy(digest, p, gcry_md_get_algo_dlen(GCRY_MD_MD4)); -+ gcry_md_close(context); -+#endif - - if (gverbose) hexprnt("\nNEW MD4 hash : ",digest,16); - -@@ -700,6 +755,7 @@ - - if (gverbose) hexprnt("NEW LANMAN hash : ",(unsigned char *)lanman,16); - -+#if defined(USEOPENSSL) - /* Encrypt the NT md4 password hash as two 8 byte blocks. */ - des_ecb_encrypt((des_cblock *)digest, - (des_cblock *)despw, ks1, DES_ENCRYPT); -@@ -710,6 +766,18 @@ - (des_cblock *)newlandes, ks1, DES_ENCRYPT); - des_ecb_encrypt((des_cblock *)(lanman+8), - (des_cblock *)&newlandes[8], ks2, DES_ENCRYPT); -+#elif defined(USELIBGCRYPT) -+ /* Encrypt the NT md4 password hash as two 8 byte blocks. 
*/ -+ gcry_cipher_encrypt(ks1, despw, 8, digest, 8); -+ gcry_cipher_encrypt(ks2, &despw[8], 8, digest+8, 8); -+ -+ gcry_cipher_encrypt(ks1, newlandes, 8, lanman, 8); -+ gcry_cipher_encrypt(ks2, &newlandes[8], 8, lanman+8, 8); -+ -+ /* Close keys, not needed after this */ -+ gcry_cipher_close(ks1); -+ gcry_cipher_close(ks2); -+#endif - - if (gverbose) { - hexprnt("NEW DES crypt : ",(unsigned char *)despw,16); -diff -ur chntpw-080526.orig/Makefile chntpw-080526.gcrypt/Makefile ---- chntpw-080526.orig/Makefile 2008-05-26 20:59:44.000000000 +0100 -+++ chntpw-080526.gcrypt/Makefile 2009-06-09 12:45:07.798728999 +0100 -@@ -1,28 +1,11 @@ - # - # Makefile for the Offline NT Password Editor - # --# --# Change here to point to the needed OpenSSL libraries & .h files --# See INSTALL for more info. --# -- --#SSLPATH=/usr/local/ssl --OSSLPATH=/usr --OSSLINC=$(OSSLPATH)/include - - CC=gcc -+CFLAGS=-DUSELIBGCRYPT -g -I. $(shell libgcrypt-config --cflags) -Wall $(EXTRA_CFLAGS) - --# Force 32 bit --CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall -m32 --OSSLLIB=$(OSSLPATH)/lib -- --# 64 bit if default for compiler setup --#CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall --#OSSLLIB=$(OSSLPATH)/lib64 -- -- --# This is to link with whatever we have, SSL crypto lib we put in static --LIBS=-L$(OSSLLIB) $(OSSLLIB)/libcrypto.a -+LIBS=$(shell libgcrypt-config --libs) - - all: chntpw chntpw.static cpnt reged reged.static - diff --git a/chntpw-080526-reged-no-deref-null.patch b/chntpw-080526-reged-no-deref-null.patch deleted file mode 100644 index 9bd681e..0000000 --- a/chntpw-080526-reged-no-deref-null.patch +++ /dev/null 
@@ -1,70 +0,0 @@ -From jim@meyering.net Wed Jul 22 13:41:58 2009 -Return-Path: jim@meyering.net -X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on amd.home.annexia.org -X-Spam-Level: -X-Spam-Status: No, score=-2.2 required=5.0 tests=AWL,BAYES_00, - UNPARSEABLE_RELAY autolearn=ham version=3.2.5 -Received: from mail.corp.redhat.com [10.5.5.51] - by amd.home.annexia.org with IMAP (fetchmail-6.3.8) - for (single-drop); Wed, 22 Jul 2009 13:41:58 +0100 (BST) -Received: from zmta01.collab.prod.int.phx2.redhat.com (LHLO - zmta01.collab.prod.int.phx2.redhat.com) (10.5.5.31) by - mail06.corp.redhat.com with LMTP; Wed, 22 Jul 2009 08:41:25 -0400 (EDT) -Received: from localhost (localhost.localdomain [127.0.0.1]) - by zmta01.collab.prod.int.phx2.redhat.com (Postfix) with ESMTP id 52E8193C42 - for ; Wed, 22 Jul 2009 08:41:25 -0400 (EDT) -Received: from zmta01.collab.prod.int.phx2.redhat.com ([127.0.0.1]) - by localhost (zmta01.collab.prod.int.phx2.redhat.com [127.0.0.1]) (amavisd-new, port 10024) - with ESMTP id i+F0NOkWPqt0 for ; - Wed, 22 Jul 2009 08:41:25 -0400 (EDT) -Received: from int-mx2.corp.redhat.com (int-mx2.corp.redhat.com [172.16.27.26]) - by zmta01.collab.prod.int.phx2.redhat.com (Postfix) with ESMTP id 29C8193C01 - for ; Wed, 22 Jul 2009 08:41:25 -0400 (EDT) -Received: from ns3.rdu.redhat.com (ns3.rdu.redhat.com [10.11.255.199]) - by int-mx2.corp.redhat.com (8.13.1/8.13.1) with ESMTP id n6MCfOiN011483 - for ; Wed, 22 Jul 2009 08:41:24 -0400 -Received: from mx.meyering.net (sebastian-int.corp.redhat.com [172.16.52.221]) - by ns3.rdu.redhat.com (8.13.8/8.13.8) with ESMTP id n6MCfNP5023290 - for ; Wed, 22 Jul 2009 08:41:23 -0400 -Received: by rho.meyering.net (Acme Bit-Twister, from userid 1000) - id 38377558B9; Wed, 22 Jul 2009 14:41:23 +0200 (CEST) -From: Jim Meyering -To: "Richard W. M. 
Jones" -Subject: [PATCH] "reged -e" should not dereference NULL -Date: Wed, 22 Jul 2009 14:41:23 +0200 -Message-ID: <87y6qg51qk.fsf@meyering.net> -MIME-Version: 1.0 -Content-Type: text/plain; charset=us-ascii -X-Scanned-By: MIMEDefang 2.58 on 172.16.27.26 -Status: RO -Content-Length: 871 -Lines: 27 - - ->From d9203daf8e29290ca82b2433722e9e56cd0ab73f Mon Sep 17 00:00:00 2001 -From: Jim Meyering -Date: Wed, 22 Jul 2009 14:25:14 +0200 -Subject: [PATCH] "reged -e" should not dereference NULL - -* reged.c (main): Diagnose a missing hive file name with -e. ---- - reged.c | 30 +++++++++++++++++------------- - 1 files changed, 17 insertions(+), 13 deletions(-) - -diff --git a/reged.c b/reged.c -index cf395bc..f99f94e 100644 ---- a/reged.c -+++ b/reged.c -@@ -99,6 +99,11 @@ int main(int argc, char **argv) - } - if (edit) { /* Call editor. Rest of arguments are considered hives to load */ - hivename = argv[optind+no_hives]; -+ if (!hivename) { -+ fprintf(stderr,"with -e you must specify at least one hive file name\n"); -+ usage(); -+ exit(1); -+ } - do { - if (!(hive[no_hives] = openHive(hivename, - HMODE_RW|mode))) { - diff --git a/chntpw-080526-robustness.patch b/chntpw-080526-robustness.patch deleted file mode 100644 index 531bf52..0000000 --- a/chntpw-080526-robustness.patch +++ /dev/null 
@@ -1,182 +0,0 @@ -From jim@meyering.net Mon Jul 20 16:46:56 2009 -Return-Path: jim@meyering.net -X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on amd.home.annexia.org -X-Spam-Level: -X-Spam-Status: No, score=-2.2 required=5.0 tests=AWL,BAYES_00, - UNPARSEABLE_RELAY autolearn=ham version=3.2.5 -Received: from mail.corp.redhat.com [10.5.5.51] - by amd.home.annexia.org with IMAP (fetchmail-6.3.8) - for (single-drop); Mon, 20 Jul 2009 16:46:56 +0100 (BST) -Received: from zmta02.collab.prod.int.phx2.redhat.com (LHLO - zmta02.collab.prod.int.phx2.redhat.com) (10.5.5.32) by - mail06.corp.redhat.com with LMTP; Mon, 20 Jul 2009 11:31:43 -0400 (EDT) -Received: from localhost (localhost.localdomain [127.0.0.1]) - by zmta02.collab.prod.int.phx2.redhat.com (Postfix) with ESMTP id 27CD09E195 - for ; Mon, 20 Jul 2009 11:31:43 -0400 (EDT) -Received: from zmta02.collab.prod.int.phx2.redhat.com ([127.0.0.1]) - by localhost (zmta02.collab.prod.int.phx2.redhat.com [127.0.0.1]) (amavisd-new, port 10024) - with ESMTP id TTbuqA5poqWA for ; - Mon, 20 Jul 2009 11:31:43 -0400 (EDT) -Received: from int-mx2.corp.redhat.com (int-mx2.corp.redhat.com [172.16.27.26]) - by zmta02.collab.prod.int.phx2.redhat.com (Postfix) with ESMTP id 087319E193 - for ; Mon, 20 Jul 2009 11:31:43 -0400 (EDT) -Received: from ns3.rdu.redhat.com (ns3.rdu.redhat.com [10.11.255.199]) - by int-mx2.corp.redhat.com (8.13.1/8.13.1) with ESMTP id n6KFVfBF002494 - for ; Mon, 20 Jul 2009 11:31:42 -0400 -Received: from mx.meyering.net (sebastian-int.corp.redhat.com [172.16.52.221]) - by ns3.rdu.redhat.com (8.13.8/8.13.8) with ESMTP id n6KFVeiP013799 - for ; Mon, 20 Jul 2009 11:31:41 -0400 -Received: by rho.meyering.net (Acme Bit-Twister, from userid 1000) - id D157838154; Mon, 20 Jul 2009 17:31:40 +0200 (CEST) -From: Jim Meyering -To: "Richard W. M. 
Jones" -Subject: chntpw patches -Date: Mon, 20 Jul 2009 17:31:40 +0200 -Message-ID: <87my6z8j6r.fsf@meyering.net> -MIME-Version: 1.0 -Content-Type: text/plain; charset=us-ascii -X-Scanned-By: MIMEDefang 2.58 on 172.16.27.26 -Status: RO -Content-Length: 4197 -Lines: 140 - -Hi Rich, - -The first two were spotted via inspection. -The 3rd one was to address this: - - $ : > j && valgrind ./reged -e j - ~/w/co/chntpw: - ==16084== Memcheck, a memory error detector. - ==16084== Copyright (C) 2002-2008, and GNU GPL'd, by Julian Seward et al. - ==16084== Using LibVEX rev 1884, a library for dynamic binary translation. - ==16084== Copyright (C) 2004-2008, and GNU GPL'd, by OpenWorks LLP. - ==16084== Using valgrind-3.4.1, a dynamic binary instrumentation framework. - ==16084== Copyright (C) 2000-2008, and GNU GPL'd, by Julian Seward et al. - ==16084== For more details, rerun with: -v - ==16084== - reged version 0.1 080526, (c) Petter N Hagen - ==16084== Invalid read of size 4 - ==16084== at 0x407D09: openHive (ntreg.c:2856) - ==16084== by 0x4011E3: main (reged.c:103) - ==16084== Address 0x4c230d8 is 0 bytes after a block of size 0 alloc'd - ==16084== at 0x4A05414: calloc (vg_replace_malloc.c:397) - ==16084== by 0x407C5C: openHive (ntreg.c:2840) - ==16084== by 0x4011E3: main (reged.c:103) - openHive(j): File does not seem to be a registry hive! - Simple registry editor. ? for help. - ==16084== - ==16084== Invalid read of size 2 - ==16084== at 0x403C4D: get_abs_path (ntreg.c:1204) - ==16084== by 0x408D57: regedit_interactive (edlib.c:379) - ==16084== by 0x401277: main (reged.c:111) - ==16084== Address 0x4c230dc is 4 bytes after a block of size 0 alloc'd - ==16084== at 0x4A05414: calloc (vg_replace_malloc.c:397) - ==16084== by 0x407C5C: openHive (ntreg.c:2840) - ==16084== by 0x4011E3: main (reged.c:103) - get_abs_path: Not a 'nk' node! 
- - > - - - ->From 5c287bb158db10af96b1f1f67d4df49a47323b94 Mon Sep 17 00:00:00 2001 -From: Jim Meyering -Date: Mon, 20 Jul 2009 09:57:13 -0400 -Subject: [PATCH 1/3] improved robustness - -* ntreg.c (fmyinput): Don't clobber ibuf[-1] upon NUL input. ---- - ntreg.c | 8 +++++--- - 1 files changed, 5 insertions(+), 3 deletions(-) - -diff --git a/ntreg.c b/ntreg.c -index e27a5b9..1b84410 100644 ---- a/ntreg.c -+++ b/ntreg.c -@@ -82,14 +82,16 @@ char *str_dup( const char *str ) - - int fmyinput(char *prmpt, char *ibuf, int maxlen) - { -- -+ int len; - printf("%s",prmpt); - - fgets(ibuf,maxlen+1,stdin); -+ len = strlen(ibuf); - -- ibuf[strlen(ibuf)-1] = 0; -+ if (len) -+ ibuf[len-1] = 0; - -- return(strlen(ibuf)); -+ return len; - } - - /* Print len number of hexbytes */ --- -1.6.2.5 - - ->From b9bfb44aa1bff1f9b7badf65425f8190352966a0 Mon Sep 17 00:00:00 2001 -From: Jim Meyering -Date: Mon, 20 Jul 2009 10:04:23 -0400 -Subject: [PATCH 2/3] robustness: avoid low-memory segfault - -* ntreg.c (convert_string): Don't segfault upon low memory. ---- - ntreg.c | 5 ++++- - 1 files changed, 4 insertions(+), 1 deletions(-) - -diff --git a/ntreg.c b/ntreg.c -index 1b84410..08f9124 100644 ---- a/ntreg.c -+++ b/ntreg.c -@@ -2585,7 +2585,10 @@ char * convert_string(void *string, int len) - int i, k; - int reallen = len / 2; - char *cstring = (char *)malloc(reallen); -- -+ if (cstring == NULL) { -+ printf("FATAL! convert_string: malloc() failed! Out of memory?\n"); -+ abort(); -+ } - for(i = 0, k = 0; i < len; i += 2, k++) - { - cstring[k] = ((char *)string)[i]; --- -1.6.2.5 - - ->From 81ae3189a8dffcdb3db7229cbe992ed12b8d1327 Mon Sep 17 00:00:00 2001 -From: Jim Meyering -Date: Mon, 20 Jul 2009 11:04:38 -0400 -Subject: [PATCH 3/3] robustness: avoid malfunction for too-small hive file - -* ntreg.c (openHive): Don't read uninitialized when file is too small. 
----
- ntreg.c | 8 ++++++++
- 1 files changed, 8 insertions(+), 0 deletions(-)
-
-diff --git a/ntreg.c b/ntreg.c
-index 08f9124..be6b680 100644
---- a/ntreg.c
-+++ b/ntreg.c
-@@ -2847,6 +2847,14 @@ struct hive *openHive(char *filename, int mode)
- return(NULL);
- }
-
-+ if (r < sizeof (*hdesc)) {
-+ fprintf(stderr,
-+ "file is too small; got %d bytes while expecting %d or more\n",
-+ r, sizeof (*hdesc));
-+ closeHive(hdesc);
-+ return(NULL);
-+ }
-+
- /* Now run through file, tallying all pages */
- /* NOTE/KLUDGE: Assume first page starts at offset 0x1000 */
-
---
-1.6.2.5
-
diff --git a/chntpw-110511-detect-failure-to-write-key.patch b/chntpw-110511-detect-failure-to-write-key.patch
new file mode 100644
index 0000000..818639d
--- /dev/null
+++ b/chntpw-110511-detect-failure-to-write-key.patch
@@ -0,0 +1,19 @@
+diff -ur chntpw-110511.orig/ntreg.c chntpw-110511/ntreg.c
+--- chntpw-110511.orig/ntreg.c 2011-05-11 12:33:56.000000000 -0700
++++ chntpw-110511/ntreg.c 2011-11-01 13:45:02.550421729 -0700
+@@ -3389,7 +3389,14 @@
+
+ fprintf(file,"\r\n"); /* Must end file with an empty line, windows does that */
+
+- fclose(file);
++ if (ferror (file)) {
++ printf("failed to write file '%s'\n", filename);
++ fclose (file);
++ return;
++ }
++ if (fclose(file))
++ printf("failed to write file '%s': %s\n", filename,
++ strerror(errno));
+ }
+
+ /* ================================================================ */
diff --git a/chntpw-110511-get_abs_path.patch b/chntpw-110511-get_abs_path.patch
new file mode 100644
index 0000000..dabcb3e
--- /dev/null
+++ b/chntpw-110511-get_abs_path.patch
@@ -0,0 +1,11 @@
+diff -ur chntpw-110511.orig/ntreg.c chntpw-110511/ntreg.c
+--- chntpw-110511.orig/ntreg.c 2011-05-11 12:33:56.000000000 -0700
++++ chntpw-110511/ntreg.c 2011-11-01 13:36:13.362856892 -0700
+@@ -1436,6 +1436,7 @@
+ }
+
+ strncpy(tmp,path,ABSPATHLEN-1);
++ tmp[ABSPATHLEN-1] = '\0';
+
+ if (key->type & 0x20)
+ keyname = mem_str(key->keyname, key->len_name);
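Review bot: Both failure branches added at ntreg.c 3389 in chntpw-110511-detect-failure-to-write-key.patch report the error with `printf` and then leave a function that, judging by the bare `return;`, returns void, so a caller or wrapper script cannot tell a truncated .reg export from a complete one. Sending the diagnostics to stderr, `fprintf(stderr, "failed to write file '%s': %s\n", filename, strerror(errno));`, at least keeps them out of piped output. The `ferror` branch also ignores the result of `fclose` and does not report `errno`. The enclosing function starts outside the hunk, so whether `<errno.h>` is included for the new `errno` use cannot be confirmed from here.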
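Review bot: In chntpw-110511-get_abs_path.patch, terminating `tmp` after the `strncpy` covers the unterminated-copy case, but the later copy of `tmp` back into `path` is not visible in the hunk at 1436, and the 080526 version of this patch (deleted by this commit) also replaced `strncpy(path+key->len_name+1,tmp,maxlen)` at that point. `key->len_name` is read from the hive file, so that write stays inside `path` only if the bound accounts for the offset; it is worth confirming that the 110511 source limits it to the room left after `len_name + 1` rather than to `maxlen`. A short comment next to the added line, such as `/* strncpy does not terminate when path fills tmp */`, would record why the assignment is needed. The body of get_abs_path begins and ends outside the hunk.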
diff --git a/chntpw-110511-port-to-gcrypt-debian.patch b/chntpw-110511-port-to-gcrypt-debian.patch
new file mode 100644
index 0000000..eb053aa
--- /dev/null
+++ b/chntpw-110511-port-to-gcrypt-debian.patch
@@ -0,0 +1,190 @@
+diff -ur chntpw-110511.orig/chntpw.c chntpw-110511/chntpw.c
+--- chntpw-110511.orig/chntpw.c 2011-05-11 12:33:56.000000000 -0700
++++ chntpw-110511/chntpw.c 2011-11-01 13:32:10.596579799 -0700
+@@ -65,12 +65,19 @@
+ #include
+ #include
+
++#if defined(USEOPENSSL)
+ #include
+ #include
+-#define uchar u_char
+ #define MD4Init MD4_Init
+ #define MD4Update MD4_Update
+ #define MD4Final MD4_Final
++#elif defined(USELIBGCRYPT)
++ #include
++#else
++ #error No DES encryption and MD4 hashing library found
++#endif
++
++#define uchar u_char
+
+ #include "ntreg.h"
+ #include "sam.h"
+@@ -142,7 +149,9 @@
+ for (i=0;i<8;i++) {
+ key[i] = (key[i]<<1);
+ }
++#if defined(USEOPENSSL)
+ DES_set_odd_parity((des_cblock *)key);
++#endif
+ }
+
+ /*
+@@ -187,6 +196,7 @@
+
+ void E1(uchar *k, uchar *d, uchar *out)
+ {
++#if defined(USEOPENSSL)
+ des_key_schedule ks;
+ des_cblock deskey;
+
+@@ -197,6 +207,15 @@
+ des_set_key((des_cblock *)deskey,ks);
+ #endif /* __FreeBsd__ */
+ des_ecb_encrypt((des_cblock *)d,(des_cblock *)out, ks, DES_ENCRYPT);
++#elif defined(USELIBGCRYPT)
++ gcry_cipher_hd_t ks;
++ uchar deskey[8];
++ str_to_key(k,deskey);
++ gcry_cipher_open(&ks, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
++ gcry_cipher_setkey(ks, deskey, 8);
++ gcry_cipher_encrypt(ks, out, 8, d, 8);
++ gcry_cipher_close(ks);
++#endif
+ }
+
+
+@@ -504,10 +523,18 @@
+ int dontchange = 0;
+ struct user_V *v;
+
++#ifdef USEOPENSSL
+ des_key_schedule ks1, ks2;
+ des_cblock deskey1, deskey2;
+
+ MD4_CTX context;
++#elif defined(USELIBGCRYPT)
++ gcry_cipher_hd_t ks1, ks2;
++ uchar deskey1[8], deskey2[8];
++
++ unsigned char *p;
++ gcry_md_hd_t context;
++#endif
+ unsigned char digest[16];
+ unsigned short acb;
+
+@@ -621,6 +648,7 @@
+ hexprnt("Crypted LM pw: ",(unsigned char *)(vp+lmpw_offs),16);
+ }
+
++#if defined(USEOPENSSL)
+ /* Get the two decrpt keys. */
+ sid_to_key1(rid,(unsigned char *)deskey1);
+ des_set_key((des_cblock *)deskey1,ks1);
+@@ -638,6 +666,25 @@
+ (des_cblock *)lanman, ks1, DES_DECRYPT);
+ des_ecb_encrypt((des_cblock *)(vp+lmpw_offs + 8),
+ (des_cblock *)&lanman[8], ks2, DES_DECRYPT);
++#elif defined(USELIBGCRYPT)
++ /* Start the keys */
++ gcry_cipher_open(&ks1, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
++ gcry_cipher_open(&ks2, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
++
++ /* Get the two decrpt keys. */
++ sid_to_key1(rid,deskey1);
++ gcry_cipher_setkey(ks1, deskey1, 8);
++ sid_to_key2(rid,deskey2);
++ gcry_cipher_setkey(ks2, deskey2, 8);
++
++ /* Decrypt the NT md4 password hash as two 8 byte blocks. */
++ gcry_cipher_decrypt(ks1, md4, 8, vp+ntpw_offs, 8);
++ gcry_cipher_decrypt(ks2, &md4[8], 8, vp+ntpw_offs+8, 8);
++
++ /* Decrypt the lanman password hash as two 8 byte blocks. */
++ gcry_cipher_decrypt(ks1, lanman, 8, vp+lmpw_offs, 8);
++ gcry_cipher_decrypt(ks2, &lanman[8], 8, vp+lmpw_offs+8, 8);
++#endif
+
+ if (gverbose) {
+ hexprnt("MD4 hash : ",(unsigned char *)md4,16);
+@@ -693,9 +740,17 @@
+
+ /* printf("Ucase Lanman: %s\n",newlanpw); */
+
++#if defined(USEOPENSSL)
+ MD4Init (&context);
+ MD4Update (&context, newunipw, pl<<1);
+ MD4Final (digest, &context);
++#elif defined(USELIBGCRYPT)
++ gcry_md_open(&context, GCRY_MD_MD4, 0);
++ gcry_md_write(context, newunipw, pl<<1);
++ p = gcry_md_read(context, GCRY_MD_MD4);
++ if(p) memcpy(digest, p, gcry_md_get_algo_dlen(GCRY_MD_MD4));
++ gcry_md_close(context);
++#endif
+
+ if (gverbose) hexprnt("\nNEW MD4 hash : ",digest,16);
+
+@@ -704,6 +759,7 @@
+
+ if (gverbose) hexprnt("NEW LANMAN hash : ",(unsigned char *)lanman,16);
+
++#if defined(USEOPENSSL)
+ /* Encrypt the NT md4 password hash as two 8 byte blocks. */
+ des_ecb_encrypt((des_cblock *)digest,
+ (des_cblock *)despw, ks1, DES_ENCRYPT);
+@@ -714,6 +770,18 @@
+ (des_cblock *)newlandes, ks1, DES_ENCRYPT);
+ des_ecb_encrypt((des_cblock *)(lanman+8),
+ (des_cblock *)&newlandes[8], ks2, DES_ENCRYPT);
++#elif defined(USELIBGCRYPT)
++ /* Encrypt the NT md4 password hash as two 8 byte blocks. */
++ gcry_cipher_encrypt(ks1, despw, 8, digest, 8);
++ gcry_cipher_encrypt(ks2, &despw[8], 8, digest+8, 8);
++
++ gcry_cipher_encrypt(ks1, newlandes, 8, lanman, 8);
++ gcry_cipher_encrypt(ks2, &newlandes[8], 8, lanman+8, 8);
++
++ /* Close keys, not needed after this */
++ gcry_cipher_close(ks1);
++ gcry_cipher_close(ks2);
++#endif
+
+ if (gverbose) {
+ hexprnt("NEW DES crypt : ",(unsigned char *)despw,16);
+diff -ur chntpw-110511.orig/Makefile chntpw-110511/Makefile
+--- chntpw-110511.orig/Makefile 2011-05-11 12:33:56.000000000 -0700
++++ chntpw-110511/Makefile 2011-11-01 13:32:10.598579767 -0700
+@@ -1,28 +1,11 @@
+ #
+ # Makefile for the Offline NT Password Editor
+ #
+-#
+-# Change here to point to the needed OpenSSL libraries & .h files
+-# See INSTALL for more info.
+-#
+-
+-#SSLPATH=/usr/local/ssl
+-OSSLPATH=/usr
+-OSSLINC=$(OSSLPATH)/include
+
+ CC=gcc
++CFLAGS=-DUSELIBGCRYPT -g -I. $(shell libgcrypt-config --cflags) -Wall $(EXTRA_CFLAGS)
+
+-# Force 32 bit
+-CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall -m32
+-OSSLLIB=$(OSSLPATH)/lib
+-
+-# 64 bit if default for compiler setup
+-#CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall
+-#OSSLLIB=$(OSSLPATH)/lib64
+-
+-
+-# This is to link with whatever we have, SSL crypto lib we put in static
+-LIBS=-L$(OSSLLIB) $(OSSLLIB)/libcrypto.a
++LIBS=$(shell libgcrypt-config --libs)
+
+ all: chntpw chntpw.static cpnt reged reged.static
+
diff --git a/chntpw-110511-reged-no-deref-null.patch b/chntpw-110511-reged-no-deref-null.patch
new file mode 100644
index 0000000..0193cd4
--- /dev/null
+++ b/chntpw-110511-reged-no-deref-null.patch
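Review bot: None of the libgcrypt calls added under `USELIBGCRYPT` in chntpw-110511-port-to-gcrypt-debian.patch check their result, so a failed `gcry_cipher_open` or `gcry_cipher_setkey` (libgcrypt can reject a key, for instance a weak DES key) leaves `md4`, `lanman`, `despw` and `newlandes` unfilled while the function carries on and, presumably, writes them back into the SAM data. The MD4 step has the same gap: `if(p) memcpy(...)` silently skips the copy when `gcry_md_read` returns NULL, leaving `digest` uninitialised. Each call should be tested, e.g. `gcry_error_t err = gcry_cipher_setkey(ks1, deskey1, 8);` followed by `if (err) { fprintf(stderr, "DES setkey failed: %s\n", gcry_strerror(err)); /* abandon the change */ }`. The patch also shows no `gcry_check_version()` call, which libgcrypt expects before first use; it may live outside these hunks. The surrounding functions start and end outside the hunks shown.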
@@ -0,0 +1,15 @@
+diff -ur chntpw-110511.orig/reged.c chntpw-110511/reged.c
+--- chntpw-110511.orig/reged.c 2011-05-11 12:33:56.000000000 -0700
++++ chntpw-110511/reged.c 2011-11-01 13:46:55.569625286 -0700
+@@ -167,6 +167,11 @@
+
+ if (edit) { /* Call editor. Rest of arguments are considered hives to load */
+ hivename = argv[optind+no_hives];
++ if (!hivename) {
++ fprintf(stderr,"with -e you must specify at least one hive file name\n");
++ usage();
++ exit(1);
++ }
+ do {
+ if (!(hive[no_hives] = openHive(hivename,
+ HMODE_RW|mode))) {
diff --git a/chntpw-110511-robustness.patch b/chntpw-110511-robustness.patch
new file mode 100644
index 0000000..11ea781
--- /dev/null
+++ b/chntpw-110511-robustness.patch
@@ -0,0 +1,38 @@
+diff -ur chntpw-110511.orig/ntreg.c chntpw-110511/ntreg.c
+--- chntpw-110511.orig/ntreg.c 2011-05-11 12:33:56.000000000 -0700
++++ chntpw-110511/ntreg.c 2011-11-01 13:42:22.125974945 -0700
+@@ -190,14 +190,16 @@
+
+ int fmyinput(char *prmpt, char *ibuf, int maxlen)
+ {
+-
++ int len;
+ printf("%s",prmpt);
+
+ fgets(ibuf,maxlen+1,stdin);
++ len = strlen(ibuf);
+
+- ibuf[strlen(ibuf)-1] = 0;
++ if (len)
++ ibuf[len-1] = 0;
+
+- return(strlen(ibuf));
++ return len;
+ }
+
+ /* Print len number of hexbytes */
+@@ -4120,6 +4122,14 @@
+ return(NULL);
+ }
+
++ if (r < sizeof (*hdesc)) {
++ fprintf(stderr,
++ "file is too small; got %d bytes while expecting %d or more\n",
++ r, sizeof (*hdesc));
++ closeHive(hdesc);
++ return(NULL);
++ }
++
+ /* Now run through file, tallying all pages */
+ /* NOTE/KLUDGE: Assume first page starts at offset 0x1000 */
+
diff --git a/chntpw.spec b/chntpw.spec
index 717753f..7399cd6 100644
--- a/chntpw.spec
+++ b/chntpw.spec
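Review bot: In chntpw-110511-robustness.patch, `fmyinput` still ignores the result of `fgets`, so at end-of-file or on a read error `strlen(ibuf)` runs over whatever the caller's buffer held before; the added `if (len)` guard only covers the empty-string case. Testing the call, `if (!fgets(ibuf,maxlen+1,stdin)) { *ibuf = 0; return 0; }`, closes that gap, and stripping only a real newline with `if (len && ibuf[len-1] == '\n')` avoids eating the last character of an over-long line. In the openHive hunk `r` is printed with `%d` and so appears to be an int: comparing it with `sizeof (*hdesc)` converts it to unsigned, and `%d` does not match the `size_t` argument, so `%zu` for the second value would be correct. The check also measures the file against the size of the in-memory descriptor rather than the 0x1000 header the following comment assumes, which may be smaller than what the page walk needs. The openHive body starts and ends outside the hunk.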
@@ -1,12 +1,12 @@ Name: chntpw # Version is taken from HISTORY.txt Version: 0.99.6 -Release: 15%{?dist} +Release: 16.110511%{?dist} Summary: Change passwords in Windows SAM files Group: Applications/Engineering License: GPLv2 URL: http://pogostick.net/~pnh/ntpasswd/ -Source0: http://pogostick.net/~pnh/ntpasswd/chntpw-source-080526.zip +Source0: http://pogostick.net/~pnh/ntpasswd/chntpw-source-110511.zip Source2: chntpw-README.Dist # The man page is borrowed from Debian Source3: chntpw-chntpw.8 @@ -15,18 +15,16 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: libgcrypt-devel # Patches sent upstream on 2009-06-08. -Patch0: chntpw-080526-keyname-overflow.patch -Patch1: chntpw-080526-get_abs_path.patch -Patch2: chntpw-080526-no-value.patch +Patch1: chntpw-110511-get_abs_path.patch # Patch from Debian (RHBZ#504595). -Patch3: chntpw-080526-port-to-gcrypt-debian.patch +Patch3: chntpw-110511-port-to-gcrypt-debian.patch # Patches from Jim Meyering to improve robustness of the code. -Patch4: chntpw-080526-robustness.patch +Patch4: chntpw-110511-robustness.patch Patch5: chntpw-080526-correct-test-for-failing-open-syscall.patch -Patch6: chntpw-080526-detect-failure-to-write-key.patch -Patch7: chntpw-080526-reged-no-deref-null.patch +Patch6: chntpw-110511-detect-failure-to-write-key.patch +Patch7: chntpw-110511-reged-no-deref-null.patch %description @@ -41,15 +39,13 @@ than password editing. %prep -%setup -q -n %{name}-080526 +%setup -q -n %{name}-110511 cp -p %{SOURCE2} README.Dist sed -e 's/\r$//' WinReg.txt > WinReg.txt.eol touch -c -r WinReg.txt WinReg.txt.eol mv WinReg.txt.eol WinReg.txt -%patch0 -p1 %patch1 -p1 -%patch2 -p1 %patch3 -p1 %patch4 -p1 %patch5 -p1 
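Review bot: The patch list in the second chntpw.spec hunk drops `Patch0` (keyname-overflow) and `Patch2` (no-value), and the new robustness patch no longer carries the `convert_string` malloc check, with "dropping useless hunks as needed" in the changelog as the only reason given. All three guarded the parsing of untrusted hive data (a fixed `keyname[128]` copy sized by `key->len_name`, a NULL `value` from `get_val_data`, an unchecked `malloc`), so a comment above the list recording that 110511 contains equivalent fixes would let a later packager verify it, e.g. `# keyname-overflow, no-value, convert_string check: fixed upstream in 110511`. `Patch5` still names the 080526 file, which is fine if it applies unchanged but deserves a word in the same comment.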
@@ -86,6 +82,14 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Tue Nov 1 2011 Conrad Meyer - 0.99.6-16.110511 +- Update to latest upstream (110511) (#750005). +- Update fedora patches to apply cleanly, dropping useless hunks + as needed. +- Add upstream version to "Release" tag, so that people can + actually tell which version of upstream we're shipping from the + rpm version. + * Tue Feb 08 2011 Fedora Release Engineering - 0.99.6-15 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild diff --git a/sources b/sources index 954d9c8..585eeb4 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -09addfe7ae469677da39ed66d83858d3 chntpw-source-080526.zip +a3fb358d1adec589cd6bc8dedf68896c chntpw-source-110511.zip