[Bug 7808] New: crypt(3) does not fail for invalid salts

bugzilla at busybox.net bugzilla at busybox.net
Mon Jan 19 13:40:46 UTC 2015


https://bugs.busybox.net/show_bug.cgi?id=7808

           Summary: crypt(3) does not fail for invalid salts
           Product: uClibc
           Version: unspecified
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: Other
        AssignedTo: unassigned at uclibc.org
        ReportedBy: nmav at redhat.com
                CC: uclibc-cvs at uclibc.org
   Estimated Hours: 0.0


Created attachment 5816
  --> https://bugs.busybox.net/attachment.cgi?id=5816
Reproducer

crypt(3) in uclibc does not fail if $5$ is provided and sha2crypt is disabled.

That, according to
http://git.uclibc.org/uClibc/tree/libcrypt/crypt.c

will proceed to run __des_crypt with the invalid salt (the dollar '$'
character is invalid for descrypt), and produce some invalid value, e.g.
$5yVOkTkyRzn., which can only be checked back with uclibc's crypt(). The
reason the dollar sign was used as a separator in blowfish crypt and then
md5crypt was that it would be found invalid by descrypt.

The important side effect is that it is impossible to query the
capabilities of uclibc's crypt() at runtime. In fact, I found this bug because
my software wouldn't fall back to md5crypt if sha2crypt wasn't supported.

I attach a test case which reproduces the issue.

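The caller-side check and runtime probe the report describes, as an added example that is not part of the bug report or of uClibc: a crypt(3) result is trusted only if it echoes the scheme of the salt it was given, so the "$5yVOkTkyRzn." output for a "$5$" salt is rejected and the probe falls back to the next scheme. The function uclibc_like_crypt is a constructed stand-in for the reported behaviour (its "$1$" output is a placeholder, not a real hash), so the block runs without libcrypt.

```c
#include <ctype.h>
#include <stdbool.h>
#include <string.h>

/* Alphabet of a traditional DES salt and of a DES-crypt result. */
static bool des_char(char c) { return isalnum((unsigned char)c) || c == '.' || c == '/'; }
/* Length of a modular "$id$" prefix, 0 for a 2-char DES salt, -1 otherwise. */
static int salt_prefix_len(const char *salt)
{
    if (salt[0] != '$')
        return (des_char(salt[0]) && des_char(salt[1])) ? 0 : -1;
    const char *end = strchr(salt + 1, '$');
    return (end == NULL || end == salt + 1) ? -1 : (int)(end - salt) + 1;
}
/* Caller-side check: trust a crypt(3) result only if it echoes the salt's
 * scheme. "$5yVOkTkyRzn." for salt "$5$..." fails: it is neither a "$5$"
 * hash nor a well-formed 13-char DES hash (its salt part would be "$5"). */
bool crypt_result_matches_salt(const char *salt, const char *hash)
{
    if (salt == NULL || hash == NULL || hash[0] == '\0' || hash[0] == '*')
        return false;
    int n = salt_prefix_len(salt);
    if (n < 0)
        return false;
    if (n > 0)
        return strncmp(hash, salt, (size_t)n) == 0;
    if (strlen(hash) != 13 || strncmp(hash, salt, 2) != 0)
        return false;
    for (const char *p = hash; *p; p++)
        if (!des_char(*p))
            return false;
    return true;
}
/* Runtime probe: try salts strongest-first, return index of first scheme that passes, else -1. */
int pick_supported_scheme(char *(*do_crypt)(const char *, const char *),
                          const char *const *salts, size_t nsalts)
{
    for (size_t i = 0; i < nsalts; i++)
        if (crypt_result_matches_salt(salts[i], do_crypt("probe", salts[i])))
            return (int)i;
    return -1;
}
/* Constructed stand-in for uClibc with sha2crypt disabled: "$5$" salts fall
 * through to DES and yield "$5yVOkTkyRzn."; the "$1$" value is a placeholder. */
char *uclibc_like_crypt(const char *key, const char *salt)
{
    (void)key;
    return strncmp(salt, "$1$", 3) == 0 ? "$1$saltsalt$PLACEHOLDERNOTAREALHASH" : "$5yVOkTkyRzn.";
}
```

Passing the real crypt (or crypt_r wrapped to this signature) as do_crypt gives the fallback the report's software needed; note that a probe of crypt(3) with a weak scheme is still a sign the libc lacks the stronger one and should be logged.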