[PATCH] correct_password: Handle NULL from crypt

Lauri Kasanen curaga at operamail.com
Mon Feb 3 16:50:00 UTC 2014


As with many other software, busybox was also broken by the glibc >=
2.17 behavior change. Now crypt() returns NULL if either salt or
password is invalid.

This causes busybox 1.21, 1.22, and git su to segfault, when you just
press enter at the password prompt (configured to use system crypt() of

Program terminated with signal 11, Segmentation fault.
#0  0xb760cb84 in strcmp () from /lib/libc.so.6
(gdb) bt full
#0  0xb760cb84 in strcmp () from /lib/libc.so.6
No symbol table info available.
#1  0x080493d3 in ask_and_check_password_extended ()
No symbol table info available.

The attached patch fixes su. You may want to check every other call to
crypt() in busybox.

- Lauri

http://www.fastmail.fm - A fast, anti-spam email service.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-correct_password-Handle-NULL-from-crypt.patch
Type: text/x-diff
Size: 934 bytes
Desc: not available
URL: <http://lists.busybox.net/pipermail/busybox/attachments/20140203/06add13f/attachment.bin>

More information about the busybox mailing list