emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

crypt() in glibc/eglibc 2.17 now fails if passed

Browse Source 
a salt that violates specs. On Linux, crypt() also fails with
DES/MD5 salts in FIPS140 mode. Rather than exit() on NULL returns
we send them back to the caller for appropriate handling.
This commit is contained in:
mancha
2013-07-28 18:41:11 +02:00
committed by bubulle
parent a6769c050b
commit 52a38d5509
10 changed files with 65 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/newgrp.c
View File

@@ -184,7 +184,8 @@ static void check_perms (const struct group *grp,
cpasswd = pw_encrypt (cp, grp->gr_passwd);
strzero (cp);
if (grp->gr_passwd[0] == '\0' ||
if (cpasswd == NULL ||
grp->gr_passwd[0] == '\0' ||
strcmp (cpasswd, grp->gr_passwd) != 0) {
#ifdef WITH_AUDIT
snprintf (audit_buf, sizeof(audit_buf),