If we requested a non DES encryption, make sure crypt returned a encrypted

password longer than 13 chars. This protects against the GNU crypt() which does not return NULL if the algorithm is not supported, and return a DES encrypted password.
2007-11-24 00:37:37 +00:00 · 2007-11-24 00:37:37 +00:00 · ee5c48d51c
commit ee5c48d51c
parent 6ffc0f820a
2 changed files with 33 additions and 0 deletions
--- a/7
+++ b/7
@ -1,3 +1,10 @@
+2007-11-24  Nicolas François  <nicolas.francois@centraliens.net>
+
+	* lib/encrypt.c: If we requested a non DES encryption, make sure
+	crypt returned a encrypted password longer than 13 chars. This
+	protects against the GNU crypt() which does not return NULL if the
+	algorithm is not supported, and return a DES encrypted password.
+
 2007-11-24  Nicolas François  <nicolas.francois@centraliens.net>

 	* lib/groupio.c: Add missing #include "getdef.h"
--- a/lib/encrypt.c
+++ b/lib/encrypt.c
@ -49,6 +49,32 @@ char *pw_encrypt (const char *clear, const char *salt)
 		perror ("crypt");
 		exit (1);
 	}
+
+	/* The GNU crypt does not return NULL if the algorithm is not
+	 * supported, and return a DES encrypted password. */
+	if (salt && salt[0] == '$' && strlen (cp) <= 13)
+	{
+		char *method = "$1$";
+		switch (salt[1])
+		{
+			case '1':
+				method = "MD5";
+				break;
+			case '5':
+				method = "SHA256";
+				break;
+			case '6':
+				method = "SHA512";
+				break;
+			default:
+				method[1] = salt[1];
+		}
+		fprintf (stderr,
+			 _("crypt method not supported by libcrypt? (%s)\n"),
+			  method);
+		exit (1);
+	}
+
 	if (strlen (cp) != 13)
 		return cp;	/* nonstandard crypt() in libc, better bail out */
 	strcpy (cipher, cp);