If we requested a non DES encryption, make sure crypt returned an encrypted
password longer than 13 chars. This protects against the GNU crypt() which does not return NULL if the algorithm is not supported, and returns a DES encrypted password.
parent
6ffc0f820a
commit
ee5c48d51c
@ -1,3 +1,10 @@
|
|||||||
|
2007-11-24 Nicolas François <nicolas.francois@centraliens.net>
|
||||||
|
|
||||||
|
* lib/encrypt.c: If we requested a non DES encryption, make sure
|
||||||
|
crypt returned a encrypted password longer than 13 chars. This
|
||||||
|
protects against the GNU crypt() which does not return NULL if the
|
||||||
|
algorithm is not supported, and return a DES encrypted password.
|
||||||
|
|
||||||
2007-11-24 Nicolas François <nicolas.francois@centraliens.net>
|
2007-11-24 Nicolas François <nicolas.francois@centraliens.net>
|
||||||
|
|
||||||
* lib/groupio.c: Add missing #include "getdef.h"
|
* lib/groupio.c: Add missing #include "getdef.h"
|
||||||
|
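--- a/lib/encrypt.c
+++ b/lib/encrypt.c
@@ -49,6 +49,32 @@ char *pw_encrypt (const char *clear, const char *salt)
 perror ("crypt");
 exit (1);
 }
+
+/* The GNU crypt does not return NULL if the algorithm is not
+* supported, and return a DES encrypted password. */
+if (salt && salt[0] == '$' && strlen (cp) <= 13)
+{
+char *method = "$1$";
+switch (salt[1])
+{
+case '1':
+method = "MD5";
+break;
+case '5':
+method = "SHA256";
+break;
+case '6':
+method = "SHA512";
+break;
+default:
+method[1] = salt[1];
+}
+fprintf (stderr,
+_("crypt method not supported by libcrypt? (%s)\n"),
+method);
+exit (1);
+}
+
 if (strlen (cp) != 13)
 return cp; /* nonstandard crypt() in libc, better bail out */
 strcpy (cipher, cp);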
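Review bot: The `default:` branch writes through a pointer to a string literal: `method` is initialised with `"$1$"` and then `method[1] = salt[1];` modifies it, which is undefined behaviour and typically faults where literals are mapped read-only. That branch is the one taken for a method id other than 1, 5 or 6, so in exactly the unrecognised-method case the diagnostic may never be printed and the program would most likely die on the fault instead of reaching `exit (1)`. Use a writable buffer: declare `char nummethod[4] = "$x$";` beside a `const char *method`, and in `default:` write `nummethod[1] = salt[1]; method = nummethod;`. pw_encrypt begins before this hunk and continues after it, so the declaration of `cp` and the rest of the DES path are not visible here.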