Project

General

Profile

Actions

Defect #30171

closed

Decrypting LDAP and SCM passwords fail if the plaintext password is longer than 31 bytes

Added by Go MAEDA almost 6 years ago. Updated almost 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Database
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Fixed
Affected version:

Description

This issue is originally reported to the community repository on GitHub by Nik Il.

https://github.com/redmine/redmine/pull/112/files

encode64 adds \n every 60 symbols, switch to strict_encode64 method, because .strip not working


Files

0001-Update-ciphering.rb.patch (849 Bytes) 0001-Update-ciphering.rb.patch patch by Nik Il Go MAEDA, 2018-12-10 07:38
test-for-30171.diff (831 Bytes) test-for-30171.diff test for Nik Il's patch Go MAEDA, 2018-12-16 06:00

Related issues

Related to Redmine - Feature #7411: Option to cipher LDAP ans SCM passwords stored in the databaseClosed2011-01-22

Actions
Actions #1

Updated by Go MAEDA almost 6 years ago

  • Related to Feature #7411: Option to cipher LDAP ans SCM passwords stored in the database added
Actions #2

Updated by Go MAEDA almost 6 years ago

  • Subject changed from Passwords encryption does not work if the password is longer than 31 characters to Passwords encryption does not work if the password is longer than 31 bytes
Actions #3

Updated by Go MAEDA almost 6 years ago

  • Status changed from New to Confirmed

Confirmed the problem.

Index: test/unit/lib/redmine/ciphering_test.rb
===================================================================
--- test/unit/lib/redmine/ciphering_test.rb    (revision 17702)
+++ test/unit/lib/redmine/ciphering_test.rb    (working copy)
@@ -92,15 +92,16 @@
   end

   def test_decrypt_all
+    long_password = SecureRandom.alphanumeric(32)
     Repository.delete_all
     Redmine::Configuration.with 'database_cipher_key' => 'secret' do
       Repository::Subversion.create!(:password => 'foo', :url => 'file:///tmp', :identifier => 'foo')
-      Repository::Subversion.create!(:password => 'bar', :url => 'file:///tmp', :identifier => 'bar')
+      Repository::Subversion.create!(:password => long_password, :url => 'file:///tmp', :identifier => 'bar')

       assert Repository.decrypt_all(:password)
       r = Repository.order('id DESC').first
-      assert_equal 'bar', r.password
-      assert_equal 'bar', r.read_attribute(:password)
+      assert_equal long_password, r.password
+      assert_equal long_password, r.read_attribute(:password)
     end
   end
 end
laphroaig:redmine-trunk maeda$ ruby test/unit/lib/redmine/ciphering_test.rb
Run options: --seed 15544

# Running:

.F

Failure:
Redmine::CipheringTest#test_decrypt_all [test/unit/lib/redmine/ciphering_test.rb:103]:
--- expected
+++ actual
@@ -1,2 +1,2 @@
-# encoding: US-ASCII
-"YW1zLuz0jcoHerKvHsApD9GVCrRMKXc8" 
+"aes-256-cbc:a99hBE62VjbiZNoexSoakctQIKCAO31BoSVOw5krfBF24VUoMBpzrsytazMl
+tP+j--+TqRamucQbcZfeaeGIBLxA==" 

bin/rails test test/unit/lib/redmine/ciphering_test.rb:94

......

Finished in 0.354780s, 22.5492 runs/s, 42.2797 assertions/s.
8 runs, 15 assertions, 1 failures, 0 errors, 0 skips
Actions #4

Updated by Go MAEDA almost 6 years ago

  • Target version set to 3.4.8
Actions #5

Updated by Federico Vera almost 6 years ago

This issue also affected Vault Plugin and was fixed in Issue 43

Since Vault uses Redmine's encryption, perhaps it could help.

Regards

Actions #6

Updated by Go MAEDA almost 6 years ago

Updated the test in order to catch the problem.

Actions #7

Updated by Go MAEDA almost 6 years ago

  • Subject changed from Passwords encryption does not work if the password is longer than 31 bytes to Decrypting LDAP and SCM passwords fail if the plaintext password is longer than 31 bytes
  • Status changed from Confirmed to Resolved
  • Resolution set to Fixed

Committed the patches.

Actions #8

Updated by Go MAEDA almost 6 years ago

  • Status changed from Resolved to Closed
Actions #9

Updated by Go MAEDA almost 6 years ago

  • Assignee set to Go MAEDA
Actions

Also available in: Atom PDF