[git commit] libbb/yescrypt: fix salts ending in dots (corresponding to binary zeros)
Denys Vlasenko
vda.linux at googlemail.com
Mon Jul 7 15:26:47 UTC 2025
commit: https://git.busybox.net/busybox/commit/?id=479d8db99faa005783fc483d0830314d6156e51f
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master
Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
---
libbb/yescrypt/alg-yescrypt-common.c | 2 +-
testsuite/cryptpw.tests | 20 ++++++++++++++++++++
2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/libbb/yescrypt/alg-yescrypt-common.c b/libbb/yescrypt/alg-yescrypt-common.c
index 1e896df64..262fe82fb 100644
--- a/libbb/yescrypt/alg-yescrypt-common.c
+++ b/libbb/yescrypt/alg-yescrypt-common.c
@@ -94,7 +94,7 @@ static const uint8_t *decode64(
store:
dbg_dec64(" storing bits:%d v:%08x", bits, (int)SWAP_BE32(value)); //BE to see lsb first
while (dstpos < *dstlen) {
- if (srclen == 0 && value == 0) {
+ if (srclen == 0 && value == 0 && bits < 8) {
/* Example: mkpasswd PWD '$y$j9T$123':
* the "123" is bits:18 value:03,51,00
* is considered to be 2 bytes, not 3!
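Review bot: The comment under the changed condition in decode64 still explains only the `'$y$j9T$123'` case and does not say why `bits < 8` is required. A later cleanup could therefore drop it and again truncate salts whose tail decodes to whole zero bytes. For a password hash this matters because a shorter decoded salt yields a hash that does not match what other yescrypt implementations compute for the same string. I would add a line to the comment such as `* Whole zero bytes (bits >= 8) are salt data and must be stored; only a zero remainder of fewer than 8 bits is dropped.` The loop body and the rest of decode64 lie outside this hunk, so I am assuming `bits` is reduced by 8 for each stored byte; please confirm that, since the new check depends on it.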
diff --git a/testsuite/cryptpw.tests b/testsuite/cryptpw.tests
index ef04e20d7..ab8f32d8e 100755
--- a/testsuite/cryptpw.tests
+++ b/testsuite/cryptpw.tests
@@ -65,6 +65,9 @@ testing 'cryptpw yescrypt with non-standard N=2048 instead of 4096 (j8T instead
'$y$j8T$123456789012345678901234$JQUUfopCxlfZNE8f.THJwbOkhy.XtB3GIjo9HUVioWB\n' \
'' ''
# mkpasswd-5.6.2 allows short salts for yescrypt
+# ...but there is a catch. Not all of them.
+# The "partial" (not fitting in whole bytes) ascii64-encoded salt
+# is a special case. For example, "$zzz" would not even work in upstream.
testing 'cryptpw yescrypt with empty salt' \
'cryptpw -m yescrypt qweRTY123 at -+ j9T\$' \
'$y$j9T$$hpeksL94GXNRwnA00L3c8WFy0khFAUbCpBSak.N3Bp.\n' \
@@ -73,6 +76,23 @@ testing 'cryptpw yescrypt with 3-char salt' \
'cryptpw -m yescrypt qweRTY123 at -+ j9T\$123' \
'$y$j9T$123$A34DMIGUbUIo3bjx66Wtk2IFoREMIw6d49it25KQh2D\n' \
'' ''
+# "." is not allowed in mkpasswd-5.6.2
+# ....................................
+# ".." is decoded into one zero byte (not two)
+testing 'cryptpw yescrypt with 2-char salt ".."' \
+ 'cryptpw -m yescrypt qweRTY123 at -+ j9T\$..' \
+ '$y$j9T$..$yVHeOayxOGg6cHL3.dg10u7T.qSgySfLN3uhSVSLNn/\n' \
+ '' ''
+# "..." is decoded into two zero bytes (not three, not one)
+testing 'cryptpw yescrypt with 3-char salt "..."' \
+ 'cryptpw -m yescrypt qweRTY123 at -+ j9T\$...' \
+ '$y$j9T$...$xHvJ5USZ7hFyXYbOijtEOMfZRS23cWIxu2eIBXRymA5\n' \
+ '' ''
+# "...." is decoded into three zero bytes (no surprises here)
+testing 'cryptpw yescrypt with 4-char salt "...."' \
+ 'cryptpw -m yescrypt qweRTY123 at -+ j9T\$....' \
+ '$y$j9T$....$wOnauYL2/NEtr6YQi9pi8AtV7L57sEbVOAnWJIcP9q2\n' \
+ '' ''
testing 'cryptpw yescrypt with 84-char salt (max size)' \
'cryptpw -m yescrypt qweRTY123 at -+ j9T\$123456789012345678901234567890123456789012345678901234567890123456789012345678901234' \
'$y$j9T$123456789012345678901234567890123456789012345678901234567890123456789012345678901234$ubrUuPCpI97LIMlVMt/A0Mhs/kBK2UBJYcQSxEZSlz4\n' \
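Review bot: The three added cases use salts made only of dots, so none covers the shape named in the commit title: a salt with non-zero leading characters followed by dots. One more case would pin the path where `value` becomes zero only after some bytes have been stored, for example `testing 'cryptpw yescrypt with 4-char salt "1..."' \`. Its expected line should be taken from a reference yescrypt implementation and is shown here only as the placeholder `'$y$j9T$1...$<HASH_FROM_REFERENCE>\n'`. The comment `"." is not allowed in mkpasswd-5.6.2` also does not say what busybox itself does with a one-character salt. A test or a sentence stating the intended behaviour (reject, or treat as an empty salt) would stop that from changing unnoticed.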