[Bug 7808] New: crypt(3) does not fail for invalid salts
bugzilla at busybox.net
Mon Jan 19 13:40:46 UTC 2015
https://bugs.busybox.net/show_bug.cgi?id=7808
Summary: crypt(3) does not fail for invalid salts
Product: uClibc
Version: unspecified
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Other
AssignedTo: unassigned at uclibc.org
ReportedBy: nmav at redhat.com
CC: uclibc-cvs at uclibc.org
Estimated Hours: 0.0
Created attachment 5816
--> https://bugs.busybox.net/attachment.cgi?id=5816
Reproducer
crypt(3) in uclibc does not fail if $5$ is provided and sha2crypt is disabled.
That according to:
http://git.uclibc.org/uClibc/tree/libcrypt/crypt.c
will proceed into running __des_crypt with the invalid salt (the dollar '$'
character is invalid for descrypt), and produce some invalid value - e.g.
$5yVOkTkyRzn. - which can only be checked back with uclibc's crypt(). The
reason the dollar sign was used as separator in blowfish crypt and then
md5crypt was the fact that it would be found as invalid by descrypt.
The important side effect is that it is impossible to runtime query the
capabilities of uclibc crypt(). In fact I found this bug because my software
wouldn't fall back to md5crypt if sha2crypt wasn't supported.
I attach a test case which reproduces the issue.
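The failure mode the report describes, and the check that avoids it, as an added example that is not part of the bug report or of uClibc: a capability probe must validate that the string crypt(3) returns actually carries the requested "$N$" method prefix (or, for DES, is a 13-character result over the crypt alphabet), instead of treating any non-NULL return as "supported". The two crypt() stand-ins (`uclibc_like_crypt`, which reproduces the fall-through to DES and returns the report's value "$5yVOkTkyRzn." for a "$5$" setting, and `conforming_crypt`, which returns NULL with errno set to EINVAL) are constructed for this example so it runs without libcrypt; their digests are filler, not real hashes, and the "saltsalt" settings and the function names are assumptions. In production, `crypt` from `<crypt.h>` is passed as the `crypt_fn`.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

typedef char *(*crypt_fn)(const char *key, const char *setting);

/* The output alphabet of every classic crypt() scheme: [a-zA-Z0-9./]. */
static bool is_crypt_char(char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '.' || c == '/';
}

/* A DES salt is two crypt-alphabet characters; '$' is not one of them, which is
 * why a DES-only crypt() should refuse "$1$"/"$5$" settings outright. */
bool des_salt_is_valid(const char *salt)
{
    return salt != NULL && strlen(salt) >= 2 && is_crypt_char(salt[0]) && is_crypt_char(salt[1]);
}

/* Is 'hash' a well-formed result for 'setting'? A crypt() that fell through to DES
 * on "$5$..." returns a non-NULL 13-character string such as "$5yVOkTkyRzn." (the
 * value quoted in the report) that carries no "$5$" prefix. */
bool hash_matches_setting(const char *setting, const char *hash)
{
    if (setting == NULL || hash == NULL || hash[0] == '\0') return false;
    size_t plen = 0;                                          /* length of the "$N$" prefix */
    if (setting[0] == '$') {
        const char *end = strchr(setting + 1, '$');
        if (end == NULL) return false;
        plen = (size_t)(end - setting) + 1;
        if (strncmp(setting, hash, plen) != 0) return false;  /* DES fall-through fails here */
        if (strchr(hash + plen, '$') == NULL) return false;   /* expect "<salt>$<digest>" */
    } else if (!des_salt_is_valid(setting) || strlen(hash) != 13 || strncmp(setting, hash, 2) != 0) {
        return false;                                         /* malformed DES result */
    }
    for (const char *p = hash + plen; *p; p++)                /* rest must be crypt alphabet */
        if (*p != '$' && !is_crypt_char(*p)) return false;
    return true;
}

/* Runtime capability probe that validates the returned hash instead of trusting a
 * non-NULL return. Pass crypt() from <crypt.h> in production. */
bool crypt_supports_setting(crypt_fn fn, const char *setting)
{
    errno = 0;
    const char *out = fn("probe passphrase", setting);
    return out != NULL && errno == 0 && hash_matches_setting(setting, out);
}

/* Strongest scheme the library really implements: the fallback the reporter's
 * software could not perform against uClibc. */
const char *choose_setting(crypt_fn fn)
{
    static const char *const prefs[] = { "$6$saltsalt$", "$5$saltsalt$", "$1$saltsalt$", "ab" };
    for (size_t i = 0; i < sizeof prefs / sizeof prefs[0]; i++)
        if (crypt_supports_setting(fn, prefs[i])) return prefs[i];
    return NULL;
}

/* Writes n constructed digest characters (filler, not a real hash) plus a terminator. */
static void fake_digest(char *dst, size_t n)
{
    for (size_t i = 0; i < n; i++) dst[i] = "abcdefghijklmnopqrstuvwxyz0123456789./"[i % 38];
    dst[n] = '\0';
}

/* Constructed stand-in for the behaviour the report describes: md5crypt present,
 * sha2crypt compiled out, anything else handed to DES without salt validation.
 * Both stand-ins assume the "$N$saltsalt$" settings used in prefs[] above. */
char *uclibc_like_crypt(const char *key, const char *setting)
{
    static char buf[128];
    (void)key;
    if (strncmp(setting, "$1$", 3) == 0) {
        snprintf(buf, sizeof buf, "%.12s", setting);          /* "$1$saltsalt$" */
        fake_digest(buf + 12, 22);                            /* md5crypt digest length */
    } else {                                                  /* DES ran on the '$' salt */
        snprintf(buf, sizeof buf, "%.2s%s", setting, "yVOkTkyRzn."); /* "$5yVOkTkyRzn." */
    }
    return buf;
}

/* Constructed stand-in for a conforming crypt(): unknown or malformed settings
 * yield NULL with errno set to EINVAL. */
char *conforming_crypt(const char *key, const char *setting)
{
    static char buf[128];
    (void)key;
    if (setting[0] == '$' && (setting[1] == '1' || setting[1] == '5' || setting[1] == '6') && setting[2] == '$') {
        snprintf(buf, sizeof buf, "%.12s", setting);
        fake_digest(buf + 12, setting[1] == '1' ? 22 : setting[1] == '5' ? 43 : 86);
    } else if (des_salt_is_valid(setting)) {
        snprintf(buf, sizeof buf, "%.2s", setting);
        fake_digest(buf + 2, 11);
    } else {
        errno = EINVAL;
        return NULL;
    }
    return buf;
}

int main(void)
{
    printf("uClibc-like picks %s, conforming picks %s\n",
           choose_setting(uclibc_like_crypt), choose_setting(conforming_crypt));
    return 0;
}
```

Against the uClibc-like stand-in a plain `!= NULL` test says sha2crypt is available, while the prefix check rejects "$5yVOkTkyRzn." and `choose_setting` correctly falls back to "$1$"; against the conforming stand-in it selects "$6$". Passing crypt() from a real libc costs nothing extra and protects against exactly the case the report describes, where an unsupported setting silently produces a DES hash that only the same library will ever verify.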