SHA_CRYPT_{MIN/MAX}_ROUNDS vs. SHA_ROUNDS_DEFAULT #393

Closed
ernibert opened this issue Jul 26, 2021 · 0 comments · Fixed by #400


ernibert commented Jul 26, 2021

Issue:
chpasswd and passwd "hang" for several minutes (10-20 min) at 100% CPU usage (though they finally terminate successfully).

System:
Newly built Linux system with shadow installed by configure/make/make install. SHA_CRYPT_{MIN/MAX}_ROUNDS are unset in /etc/login.defs.

Cause:
Looks like the passwords are hashed somehow using the maximum value of encryption rounds (999999999) as the resulting password line in /etc/shadow shows:
root:$6$rounds=999999999$yBrrL1jQHN.00...iWC.:18834:0:99999:7:::

Solution:
I'm not sure if I got it all right, but this tweak made chpasswd/passwd work again:

diff -Naur shadow-4.9.orig/libmisc/salt.c shadow-4.9/libmisc/salt.c
--- shadow-4.9.orig/libmisc/salt.c	2021-07-22 23:55:35.000000000 +0200
+++ shadow-4.9/libmisc/salt.c	2021-07-26 19:34:49.882862891 +0200
@@ -221,7 +221,7 @@
 		long max_rounds = getdef_long ("SHA_CRYPT_MAX_ROUNDS", -1);
 
 		if ((-1 == min_rounds) && (-1 == max_rounds)) {
-			rounds = SHA_ROUNDS_DEFAULT;
+			min_rounds = SHA_ROUNDS_DEFAULT;
 		}
 
 		if (-1 == min_rounds) {
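
Review bot: in the both-unset branch this now sets only min_rounds, so max_rounds is still -1 when control reaches `if (-1 == min_rounds)`, and the resulting round count depends entirely on how the code after this hunk treats a -1 maximum. Keeping `rounds = SHA_ROUNDS_DEFAULT;` and skipping the min/max handling for that case (for example by moving the remaining checks into an else branch) would make the default explicit instead of relying on the later bounds logic. A short comment noting that -1 is the "not set in login.defs" sentinel passed to getdef_long would also help the next reader.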

@ernibert ernibert changed the title SHA_CRYPT_{MIN/MAX}_ROUNDS misinterpreted SHA_CRYPT_{MIN/MAX}_ROUNDS vs. SHA_ROUNDS_DEFAULT Jul 26, 2021
floppym added a commit to floppym/shadow that referenced this issue Aug 14, 2021
If SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS are both unspecified,
use SHA_ROUNDS_DEFAULT.

Previously, the code fell through, calling shadow_random(-1, -1). This
ultimately set rounds = (unsigned long) -1, which ends up being a very
large number! This then got capped to SHA_ROUNDS_MAX later in the
function.

The new behavior matches BCRYPT_get_salt_rounds().

Bug: https://bugs.gentoo.org/808195
Fixes: shadow-maint#393
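
The fall-through described in the commit message above, as an added example that is not code from shadow or from the commit. It is a simplified model: `pick_between` is a hypothetical stand-in for `shadow_random`, the bounds handling after the hunk is an assumed shape, and the 5000/1000 limits are assumed from the SHA-crypt specification.

```c
#include <stdio.h>

/* SHA-crypt limits (assumed from the SHA-crypt spec); the max matches the report. */
#define SHA_ROUNDS_DEFAULT 5000UL
#define SHA_ROUNDS_MIN     1000UL
#define SHA_ROUNDS_MAX     999999999UL

/* Hypothetical deterministic stand-in for shadow_random(min, max). */
static long pick_between(long min, long max) { return min + (max - min) / 2; }

/* Bounds handling after the hunk: assumed shape, not copied from salt.c. */
static unsigned long rounds_from_bounds(long min_rounds, long max_rounds)
{
    unsigned long rounds;
    if (min_rounds == -1) min_rounds = max_rounds;
    if (max_rounds == -1) max_rounds = min_rounds;
    if (min_rounds > max_rounds) max_rounds = min_rounds;
    rounds = (unsigned long) pick_between(min_rounds, max_rounds);
    if (rounds < SHA_ROUNDS_MIN) rounds = SHA_ROUNDS_MIN;
    if (rounds > SHA_ROUNDS_MAX) rounds = SHA_ROUNDS_MAX;  /* the later cap */
    return rounds;
}

/* Before: the default is stored, then overwritten because nothing stops the fall-through. */
unsigned long rounds_before_fix(long min_rounds, long max_rounds)
{
    unsigned long rounds = 0;
    if (min_rounds == -1 && max_rounds == -1)
        rounds = SHA_ROUNDS_DEFAULT;
    rounds = rounds_from_bounds(min_rounds, max_rounds); /* (-1, -1) -> (unsigned long) -1 */
    return rounds;
}

/* After: both limits unset means the default is returned immediately. */
unsigned long rounds_after_fix(long min_rounds, long max_rounds)
{
    if (min_rounds == -1 && max_rounds == -1)
        return SHA_ROUNDS_DEFAULT;
    return rounds_from_bounds(min_rounds, max_rounds);
}

int main(void)
{
    printf("unset, before: %lu\n", rounds_before_fix(-1, -1));
    printf("unset, after:  %lu\n", rounds_after_fix(-1, -1));
    printf("max only:      %lu\n", rounds_after_fix(-1, 20000));
    return 0;
}
```

The first line of output reproduces the `rounds=999999999` value from the reported /etc/shadow entry, which is why each password change burned CPU for minutes.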
halstead pushed a commit to openembedded/openembedded-core that referenced this issue Aug 16, 2021
Backport a patch [1] to fix chpasswd, gpasswd and passwd "hang" for
several minutes (10-20min) at 100% cpu usage though they finally
terminate successfully.

[1] shadow-maint/shadow#393

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
kraj pushed a commit to YoeDistro/poky-old that referenced this issue Aug 16, 2021
Backport a patch [1] to fix chpasswd, gpasswd and passwd "hang" for
several minutes (10-20min) at 100% cpu usage though they finally
terminate successfully.

[1] shadow-maint/shadow#393

(From OE-Core rev: 6ec2b1806d2a1a2df2d763ae0db5ea1cdaa738d7)

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
kraj pushed a commit to YoeDistro/poky-old that referenced this issue Aug 16, 2021
Backport a patch [1] to fix chpasswd, gpasswd and passwd "hang" for
several minutes (10-20min) at 100% cpu usage though they finally
terminate successfully.

[1] shadow-maint/shadow#393

(From OE-Core rev: 3fc1c689eb6753bf97b9b661cc7fe5cfc9e32144)

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
kraj pushed a commit to YoeDistro/openembedded-core that referenced this issue Aug 16, 2021
Backport a patch [1] to fix chpasswd, gpasswd and passwd "hang" for
several minutes (10-20min) at 100% cpu usage though they finally
terminate successfully.

[1] shadow-maint/shadow#393

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
kraj pushed a commit to YoeDistro/openembedded-core that referenced this issue Aug 17, 2021
Backport a patch [1] to fix chpasswd, gpasswd and passwd "hang" for
several minutes (10-20min) at 100% cpu usage though they finally
terminate successfully.

[1] shadow-maint/shadow#393

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
halstead pushed a commit to openembedded/openembedded-core that referenced this issue Aug 17, 2021
Backport a patch [1] to fix chpasswd, gpasswd and passwd "hang" for
several minutes (10-20min) at 100% cpu usage though they finally
terminate successfully.

[1] shadow-maint/shadow#393

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
seambot pushed a commit to seamapi/poky that referenced this issue Aug 17, 2021
Backport a patch [1] to fix chpasswd, gpasswd and passwd "hang" for
several minutes (10-20min) at 100% cpu usage though they finally
terminate successfully.

[1] shadow-maint/shadow#393

(From OE-Core rev: ad8c62f988017e1e4da1f5ed7fb6f4a5ce44844e)

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
daregit pushed a commit to daregit/yocto-combined that referenced this issue May 22, 2024
Backport a patch [1] to fix chpasswd, gpasswd and passwd "hang" for
several minutes (10-20min) at 100% cpu usage though they finally
terminate successfully.

[1] shadow-maint/shadow#393

(From OE-Core rev: ad8c62f988017e1e4da1f5ed7fb6f4a5ce44844e)

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>