[PATCH] correct_password: Handle NULL from crypt

Ralf Friedl Ralf.Friedl at online.de
Tue Feb 4 08:43:03 UTC 2014


Lauri Kasanen wrote:
> As with many other software, busybox was also broken by the glibc >=
> 2.17 behavior change. Now crypt() returns NULL if either salt or
> password is invalid.
>
> This causes busybox 1.21, 1.22, and git su to segfault, when you just
> press enter at the password prompt (configured to use system crypt() of
> course).
>
> The attached patch fixes su. You may want to check every other call to
> crypt() in busybox.
>
> - Lauri
A simple way to fix this for all users of pw_encrypt is to change 
pw_encrypt:
char* FAST_FUNC pw_encrypt(const char *clear, const char *salt, int cleanup)
{
         char *res = crypt(clear, salt);
         if (!res)
                 res = ""; // Or whatever value crypt previously returned
         return xstrdup(res);
}



More information about the busybox mailing list