summaryrefslogtreecommitdiffstats
path: root/secure
diff options
context:
space:
mode:
authorcsgr <csgr@FreeBSD.org>1994-09-19 19:26:39 +0000
committercsgr <csgr@FreeBSD.org>1994-09-19 19:26:39 +0000
commit20327548ff16038e16be7b65b1afd9d6a3a6f3d3 (patch)
treeae86757b624ead19d7042114ba676cb38295c5b5 /secure
parent355abe59dff4c56fd5bcc8e5b64c7bec5e5611ad (diff)
downloadFreeBSD-src-20327548ff16038e16be7b65b1afd9d6a3a6f3d3.zip
FreeBSD-src-20327548ff16038e16be7b65b1afd9d6a3a6f3d3.tar.gz
More elegant fix for short settings.
(Our existing fixes already plugged the security holes involved.) Submitted by: Geoff Rehmet after consultation with David Burren
Diffstat (limited to 'secure')
-rw-r--r--secure/lib/libcrypt/crypt-des.c30
-rw-r--r--secure/lib/libcrypt/crypt.c30
2 files changed, 38 insertions, 22 deletions
diff --git a/secure/lib/libcrypt/crypt-des.c b/secure/lib/libcrypt/crypt-des.c
index 6d22506..18a45669 100644
--- a/secure/lib/libcrypt/crypt-des.c
+++ b/secure/lib/libcrypt/crypt-des.c
@@ -32,7 +32,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: crypt.c,v 1.3 1994/09/07 07:16:44 pst Exp $
+ * $Id: crypt.c,v 1.4 1994/09/07 07:47:08 pst Exp $
*
* This is an original implementation of the DES and the crypt(3) interfaces
* by David Burren <davidb@werj.com.au>.
@@ -592,14 +592,6 @@ crypt(char *key, char *setting)
if (!des_initialised)
des_init();
- /*
- * Need to check if setting is "*" - otherwise
- * crypt(k, "*") gives back "*"
- */
- for(i = 0 ; i < 2; i++)
- if(setting[i] == '\0')
- { setting[i] = 'A'; break ; }
-
/*
* Copy the key, shifting each character up by one bit
@@ -642,7 +634,16 @@ crypt(char *key, char *setting)
return(NULL);
}
strncpy(output, setting, 9);
- p = output + 9;
+
+ /*
+ * Double check that we weren't given a short setting.
+ * If we were, the above code will probably have created
+ * wierd values for count and salt, but we don't really care.
+ * Just make sure the output string doesn't have an extra
+ * NUL in it.
+ */
+ output[9] = '\0';
+ p = output + strlen(output);
} else {
/*
* "old"-style:
@@ -655,7 +656,14 @@ crypt(char *key, char *setting)
| ascii_to_bin(setting[0]);
output[0] = setting[0];
- output[1] = setting[1];
+ /*
+ * If the encrypted password that the salt was extracted from
+ * is only 1 character long, the salt will be corrupted. We
+ * need to ensure that the output string doesn't have an extra
+ * NUL in it!
+ */
+ output[1] = setting[1] ? setting[1] : output[0];
+
p = output + 2;
}
setup_salt(salt);
diff --git a/secure/lib/libcrypt/crypt.c b/secure/lib/libcrypt/crypt.c
index 6d22506..18a45669 100644
--- a/secure/lib/libcrypt/crypt.c
+++ b/secure/lib/libcrypt/crypt.c
@@ -32,7 +32,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: crypt.c,v 1.3 1994/09/07 07:16:44 pst Exp $
+ * $Id: crypt.c,v 1.4 1994/09/07 07:47:08 pst Exp $
*
* This is an original implementation of the DES and the crypt(3) interfaces
* by David Burren <davidb@werj.com.au>.
@@ -592,14 +592,6 @@ crypt(char *key, char *setting)
if (!des_initialised)
des_init();
- /*
- * Need to check if setting is "*" - otherwise
- * crypt(k, "*") gives back "*"
- */
- for(i = 0 ; i < 2; i++)
- if(setting[i] == '\0')
- { setting[i] = 'A'; break ; }
-
/*
* Copy the key, shifting each character up by one bit
@@ -642,7 +634,16 @@ crypt(char *key, char *setting)
return(NULL);
}
strncpy(output, setting, 9);
- p = output + 9;
+
+ /*
+ * Double check that we weren't given a short setting.
+ * If we were, the above code will probably have created
+ * wierd values for count and salt, but we don't really care.
+ * Just make sure the output string doesn't have an extra
+ * NUL in it.
+ */
+ output[9] = '\0';
+ p = output + strlen(output);
} else {
/*
* "old"-style:
@@ -655,7 +656,14 @@ crypt(char *key, char *setting)
| ascii_to_bin(setting[0]);
output[0] = setting[0];
- output[1] = setting[1];
+ /*
+ * If the encrypted password that the salt was extracted from
+ * is only 1 character long, the salt will be corrupted. We
+ * need to ensure that the output string doesn't have an extra
+ * NUL in it!
+ */
+ output[1] = setting[1] ? setting[1] : output[0];
+
p = output + 2;
}
setup_salt(salt);
OpenPOWER on IntegriCloud