crypt() in glibc/eglibc 2.17 now fails if passed

a salt that violates specs. On Linux, crypt() also fails with
DES/MD5 salts in FIPS140 mode. Rather than exit() on NULL returns
we send them back to the caller for appropriate handling.
mancha
2013-07-28 18:41:11 +02:00
committed by bubulle
parent a6769c050b
commit 52a38d5509
10 changed files with 65 additions and 12 deletions


@ -469,6 +469,10 @@ int main (int argc, char **argv)
#endif
cp = pw_encrypt (newpwd,
crypt_make_salt (crypt_method, arg));
if (cp == NULL) {
perror ("crypt");
exit (EXIT_FAILURE);
}
}
/*
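Review bot: The new `exit (EXIT_FAILURE)` after a NULL return from pw_encrypt leaves main directly, so whatever cleanup this tool normally performs on a failure (for example releasing password-file locks, if any are held at this point) is skipped; the surrounding code is outside the hunk, so this should be checked against the file's existing failure path and routed through it if one exists. `perror ("crypt")` also prints no program name and depends on errno still holding crypt()'s value by the time pw_encrypt has returned, which is not visible here. The same four added lines appear in the next file section (main, at -492) and in change_passwd, update_passwd, add_passwd and the second new_password hunk, so the point applies to each of them. main's body continues outside the hunk.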


@ -492,6 +492,10 @@ int main (int argc, char **argv)
#endif
cp = pw_encrypt (newpwd,
crypt_make_salt(crypt_method, arg));
if (cp == NULL) {
perror ("crypt");
exit (EXIT_FAILURE);
}
}
/*


@ -939,6 +939,10 @@ static void change_passwd (struct group *gr)
}
cp = pw_encrypt (pass, crypt_make_salt (NULL, NULL));
if (cp==NULL) {
perror ("crypt");
exit (EXIT_FAILURE);
}
memzero (pass, sizeof pass);
#ifdef SHADOWGRP
if (is_shadowgrp) {
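Review bot: The NULL check is placed between pw_encrypt and `memzero (pass, sizeof pass)`, so on the new failure path the process exits without wiping the cleartext buffer. The practical exposure is small because the process terminates immediately, but wiping first keeps the "clear the password as soon as it has been used" invariant independent of how the failure path evolves: put `memzero (pass, sizeof pass);` directly after the pw_encrypt call and test `cp == NULL` afterwards. The same ordering appears in the second new_password hunk (at -349), under a comment that says the cleartext is wiped after encryption. As a style point, `cp==NULL` here lacks the spacing used in the other hunks (`cp == NULL`). change_passwd's body continues outside the hunk.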


@ -184,7 +184,8 @@ static void check_perms (const struct group *grp,
cpasswd = pw_encrypt (cp, grp->gr_passwd);
strzero (cp);
if (grp->gr_passwd[0] == '\0' ||
if (cpasswd == NULL ||
grp->gr_passwd[0] == '\0' ||
strcmp (cpasswd, grp->gr_passwd) != 0) {
#ifdef WITH_AUDIT
snprintf (audit_buf, sizeof(audit_buf),
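Review bot: A NULL from pw_encrypt now falls into the same branch as an empty or non-matching group password, so a crypt() failure (such as the FIPS-mode DES/MD5 case named in the commit message) would presumably be audited and reported as a failed authentication; most of the branch body is outside the hunk, so this is inferred from the visible `snprintf (audit_buf, ...)` line. Failing closed is the right outcome, but the cause is lost to whoever reads the log. A comment on the condition, for example `/* cpasswd == NULL: crypt() rejected the stored hash; treat as authentication failure */`, or a distinct log message for that case, would let operators tell a misconfigured hash apart from a wrong password. The enclosing if statement continues outside the hunk.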


@ -387,6 +387,7 @@ static int add_user (const char *name, uid_t uid, gid_t gid)
static void update_passwd (struct passwd *pwd, const char *password)
{
void *crypt_arg = NULL;
char *cp;
if (crypt_method != NULL) {
#ifdef USE_SHA_CRYPT
if (sflg) {
@ -398,9 +399,13 @@ static void update_passwd (struct passwd *pwd, const char *password)
if ((crypt_method != NULL) && (0 == strcmp(crypt_method, "NONE"))) {
pwd->pw_passwd = (char *)password;
} else {
pwd->pw_passwd = pw_encrypt (password,
crypt_make_salt (crypt_method,
crypt_arg));
cp=pw_encrypt (password, crypt_make_salt (crypt_method,
crypt_arg));
if (cp == NULL) {
perror ("crypt");
exit (EXIT_FAILURE);
}
pwd->pw_passwd = cp;
}
}
#endif /* !USE_PAM */
@ -412,6 +417,7 @@ static int add_passwd (struct passwd *pwd, const char *password)
{
const struct spwd *sp;
struct spwd spent;
char *cp;
#ifndef USE_PAM
void *crypt_arg = NULL;
@ -448,7 +454,12 @@ static int add_passwd (struct passwd *pwd, const char *password)
} else {
const char *salt = crypt_make_salt (crypt_method,
crypt_arg);
spent.sp_pwdp = pw_encrypt (password, salt);
cp = pw_encrypt (password, salt);
if (cp == NULL) {
perror ("crypt");
exit (EXIT_FAILURE);
}
spent.sp_pwdp = cp;
}
spent.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
if (0 == spent.sp_lstchg) {
@ -492,7 +503,12 @@ static int add_passwd (struct passwd *pwd, const char *password)
spent.sp_pwdp = (char *)password;
} else {
const char *salt = crypt_make_salt (crypt_method, crypt_arg);
spent.sp_pwdp = pw_encrypt (password, salt);
cp = pw_encrypt (password, salt);
if (cp == NULL) {
perror ("crypt");
exit (EXIT_FAILURE);
}
spent.sp_pwdp = cp;
}
#else
/*
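Review bot: add_passwd is declared to return int, yet both new NULL checks in it (hunks at -448 and -492) call `exit (EXIT_FAILURE)` instead of reporting the failure through the return value, which sits oddly with the commit message's stated aim of handing crypt() failures back to the caller. Returning non-zero after the diagnostic, e.g. `return 1;`, would let the caller run its usual failure path, assuming it checks the result; the function's existing error-return convention is not visible here and should be matched. In update_passwd the assignment is written `cp=pw_encrypt (...)`, which departs from the `cp = ` spacing used in the other hunks. Both function bodies continue outside the hunks.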


@ -242,7 +242,7 @@ static int new_password (const struct passwd *pw)
}
cipher = pw_encrypt (clear, crypt_passwd);
if (strcmp (cipher, crypt_passwd) != 0) {
if ((cipher == NULL) || (strcmp (cipher, crypt_passwd) != 0)) {
strzero (clear);
strzero (cipher);
SYSLOG ((LOG_WARN, "incorrect password for %s",
@ -349,6 +349,10 @@ static int new_password (const struct passwd *pw)
* Encrypt the password, then wipe the cleartext password.
*/
cp = pw_encrypt (pass, crypt_make_salt (NULL, NULL));
if (cp == NULL) {
perror ("crypt");
exit (EXIT_FAILURE);
}
memzero (pass, sizeof pass);
#ifdef HAVE_LIBCRACK_HIST
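Review bot: When pw_encrypt returns NULL, the rewritten condition `(cipher == NULL) || (strcmp (cipher, crypt_passwd) != 0)` enters a branch that still calls `strzero (cipher)` two lines later, so the NULL pointer is passed to strzero. Its definition is not on this page, but a string-wiping helper presumably reads the string to find its length and would dereference NULL here, turning the failure this commit is meant to handle into a crash. Guard the call, `if (cipher != NULL) { strzero (cipher); }`, or handle the NULL case in its own branch before the comparison. The SYSLOG line that follows would also record a crypt() failure as an incorrect password. new_password's body continues outside the hunk.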