[Pkg-shadow-commits] r1457 - in upstream/trunk: . lib
nekral-guest at alioth.debian.org
nekral-guest at alioth.debian.org
Sat Nov 24 00:37:37 UTC 2007
Author: nekral-guest
Date: 2007-11-24 00:37:37 +0000 (Sat, 24 Nov 2007)
New Revision: 1457
Modified:
upstream/trunk/ChangeLog
upstream/trunk/lib/encrypt.c
Log:
If we requested a non DES encryption, make sure crypt returned a encrypted
password longer than 13 chars. This protects against the GNU crypt() which
does not return NULL if the algorithm is not supported, and return a DES
encrypted password.
Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog 2007-11-24 00:28:25 UTC (rev 1456)
+++ upstream/trunk/ChangeLog 2007-11-24 00:37:37 UTC (rev 1457)
@@ -1,5 +1,12 @@
2007-11-24 Nicolas François <nicolas.francois at centraliens.net>
+ * lib/encrypt.c: If we requested a non DES encryption, make sure
+ crypt returned a encrypted password longer than 13 chars. This
+ protects against the GNU crypt() which does not return NULL if the
+ algorithm is not supported, and return a DES encrypted password.
+
+2007-11-24 Nicolas François <nicolas.francois at centraliens.net>
+
* lib/groupio.c: Add missing #include "getdef.h"
2007-11-24 Nicolas François <nicolas.francois at centraliens.net>
Modified: upstream/trunk/lib/encrypt.c
===================================================================
--- upstream/trunk/lib/encrypt.c 2007-11-24 00:28:25 UTC (rev 1456)
+++ upstream/trunk/lib/encrypt.c 2007-11-24 00:37:37 UTC (rev 1457)
@@ -49,6 +49,32 @@
perror ("crypt");
exit (1);
}
+
+ /* The GNU crypt does not return NULL if the algorithm is not
+ * supported, and return a DES encrypted password. */
+ if (salt && salt[0] == '$' && strlen (cp) <= 13)
+ {
+ char *method = "$1$";
+ switch (salt[1])
+ {
+ case '1':
+ method = "MD5";
+ break;
+ case '5':
+ method = "SHA256";
+ break;
+ case '6':
+ method = "SHA512";
+ break;
+ default:
+ method[1] = salt[1];
+ }
+ fprintf (stderr,
+ _("crypt method not supported by libcrypt? (%s)\n"),
+ method);
+ exit (1);
+ }
+
if (strlen (cp) != 13)
return cp; /* nonstandard crypt() in libc, better bail out */
strcpy (cipher, cp);
More information about the Pkg-shadow-commits
mailing list