crypt() in glibc/eglibc 2.17 now fails if passed

a salt that violates specs. On Linux, crypt() also fails with DES/MD5 salts in FIPS140 mode. Rather than exit() on NULL returns we send them back to the caller for appropriate handling.
2013-07-28 18:41:11 +02:00
parent a6769c050b
commit 52a38d5509
10 changed files with 65 additions and 12 deletions
--- a/lib/encrypt.c
+++ b/lib/encrypt.c
@@ -49,11 +49,10 @@
 	if (!cp) {
 		/*
 		 * Single Unix Spec: crypt() may return a null pointer,
-		 * and set errno to indicate an error.  The caller doesn't
-		 * expect us to return NULL, so...
+		 * and set errno to indicate an error. In this case return
+		 * the NULL so the caller can handle appropriately.
 		 */
-		perror ("crypt");
-		exit (EXIT_FAILURE);
+		return cp;
 	}

 	/* The GNU crypt does not return NULL if the algorithm is not
--- a/lib/pwauth.c
+++ b/lib/pwauth.c
@@ -73,6 +73,7 @@ int pw_auth (const char *cipher,
 	char prompt[1024];
 	char *clear = NULL;
 	const char *cp;
+	const char *encrypted;
 	int retval;

 #ifdef	SKEY
@@ -177,7 +178,11 @@ int pw_auth (const char *cipher,
 	 * the results there as well.
 	 */

-	retval = strcmp (pw_encrypt (input, cipher), cipher);
+	encrypted = pw_encrypt (input, cipher);
+	if (encrypted!=NULL)
+		retval = strcmp (encrypted, cipher);
+	else
+		retval = -1;

 #ifdef  SKEY
 	/*