[Pkg-shadow-commits] r1457 - in upstream/trunk: . lib

nekral-guest at alioth.debian.org nekral-guest at alioth.debian.org
Sat Nov 24 00:37:37 UTC 2007


Author: nekral-guest
Date: 2007-11-24 00:37:37 +0000 (Sat, 24 Nov 2007)
New Revision: 1457

Modified:
   upstream/trunk/ChangeLog
   upstream/trunk/lib/encrypt.c
Log:
If we requested a non-DES encryption, make sure crypt returned an encrypted
password longer than 13 chars. This protects against the GNU crypt(), which
does not return NULL if the algorithm is not supported and instead returns a
DES-encrypted password.


Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog	2007-11-24 00:28:25 UTC (rev 1456)
+++ upstream/trunk/ChangeLog	2007-11-24 00:37:37 UTC (rev 1457)
@@ -1,5 +1,12 @@
 2007-11-24  Nicolas François  <nicolas.francois at centraliens.net>
 
+	* lib/encrypt.c: If we requested a non DES encryption, make sure
+	crypt returned a encrypted password longer than 13 chars. This
+	protects against the GNU crypt() which does not return NULL if the
+	algorithm is not supported, and return a DES encrypted password.
+
+2007-11-24  Nicolas François  <nicolas.francois at centraliens.net>
+
 	* lib/groupio.c: Add missing #include "getdef.h"
 
 2007-11-24  Nicolas François  <nicolas.francois at centraliens.net>

Modified: upstream/trunk/lib/encrypt.c
===================================================================
--- upstream/trunk/lib/encrypt.c	2007-11-24 00:28:25 UTC (rev 1456)
+++ upstream/trunk/lib/encrypt.c	2007-11-24 00:37:37 UTC (rev 1457)
@@ -49,6 +49,32 @@
 		perror ("crypt");
 		exit (1);
 	}
+
+	/* The GNU crypt does not return NULL if the algorithm is not
+	 * supported, and return a DES encrypted password. */
+	if (salt && salt[0] == '$' && strlen (cp) <= 13)
+	{
+		char *method = "$1$";
+		switch (salt[1])
+		{
+			case '1':
+				method = "MD5";
+				break;
+			case '5':
+				method = "SHA256";
+				break;
+			case '6':
+				method = "SHA512";
+				break;
+			default:
+				method[1] = salt[1];
+		}
+		fprintf (stderr,
+			 _("crypt method not supported by libcrypt? (%s)\n"),
+			  method);
+		exit (1);
+	}
+
 	if (strlen (cp) != 13)
 		return cp;	/* nonstandard crypt() in libc, better bail out */
 	strcpy (cipher, cp);
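Review bot: The `default:` branch writes into a string literal: `method` is declared as `char *method = "$1$";` and `method[1] = salt[1];` then modifies it. That is undefined behaviour and usually faults where literals live in read-only memory, so for an unrecognised `$x$` prefix the process would likely crash before printing the diagnostic. Give the unknown case its own writable buffer: declare `char unknown[] = "$?$"; const char *method = unknown;` and use `unknown[1] = salt[1];` in `default:`. The three named cases can keep assigning literals to `method` once it is `const char *`. The enclosing function starts and ends outside this hunk, so how callers pass `salt` is not visible here.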



