If we requested a non DES encryption, make sure crypt returned a encrypted

password longer than 13 chars. This protects against the GNU crypt(), which
does not return NULL if the algorithm is not supported and instead returns a
DES encrypted password.
nekral-guest 2007-11-24 00:37:37 +00:00
parent 6ffc0f820a
commit ee5c48d51c
2 changed files with 33 additions and 0 deletions


@ -1,3 +1,10 @@
2007-11-24 Nicolas François <nicolas.francois@centraliens.net>
* lib/encrypt.c: If we requested a non DES encryption, make sure
crypt returned a encrypted password longer than 13 chars. This
protects against the GNU crypt() which does not return NULL if the
algorithm is not supported, and return a DES encrypted password.
2007-11-24 Nicolas François <nicolas.francois@centraliens.net> 2007-11-24 Nicolas François <nicolas.francois@centraliens.net>
* lib/groupio.c: Add missing #include "getdef.h" * lib/groupio.c: Add missing #include "getdef.h"


@ -49,6 +49,32 @@ char *pw_encrypt (const char *clear, const char *salt)
perror ("crypt"); perror ("crypt");
exit (1); exit (1);
} }
/* The GNU crypt does not return NULL if the algorithm is not
* supported, and return a DES encrypted password. */
if (salt && salt[0] == '$' && strlen (cp) <= 13)
{
char *method = "$1$";
switch (salt[1])
{
case '1':
method = "MD5";
break;
case '5':
method = "SHA256";
break;
case '6':
method = "SHA512";
break;
default:
method[1] = salt[1];
}
fprintf (stderr,
_("crypt method not supported by libcrypt? (%s)\n"),
method);
exit (1);
}
if (strlen (cp) != 13) if (strlen (cp) != 13)
return cp; /* nonstandard crypt() in libc, better bail out */ return cp; /* nonstandard crypt() in libc, better bail out */
strcpy (cipher, cp); strcpy (cipher, cp);
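Review bot: The `default:` branch of the new switch executes `method[1] = salt[1];` while `method` still points at the string literal `"$1$"`, and modifying a string literal is undefined behaviour that usually faults where literals live in read-only memory. An unrecognised `$x$` prefix would therefore likely crash on this error path instead of printing the "crypt method not supported" diagnostic. Keep the literal untouched by using a writable buffer: declare `const char *method;` and `char nummethod[4] = "$x$";`, and in the default case do `nummethod[1] = salt[1]; method = nummethod;`. The `salt &&` guard also appears to come after crypt() has already been given the same pointer, so it probably adds no protection. That cannot be confirmed from the hunk, because pw_encrypt starts and ends outside it.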