diff options
Diffstat (limited to 'source/n/yptools/yp-tools-2.14-glibc217-crypt.diff')
| -rw-r--r-- | source/n/yptools/yp-tools-2.14-glibc217-crypt.diff | 86 |
1 files changed, 0 insertions, 86 deletions
diff --git a/source/n/yptools/yp-tools-2.14-glibc217-crypt.diff b/source/n/yptools/yp-tools-2.14-glibc217-crypt.diff deleted file mode 100644 index 148b06632..000000000 --- a/source/n/yptools/yp-tools-2.14-glibc217-crypt.diff +++ /dev/null @@ -1,86 +0,0 @@ -Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL -(w/ NULL return) if the salt violates specifications. Additionally, -on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords -passed to crypt() fail with EPERM (w/ NULL return). - -If using glibc's crypt(), check return value to avoid a possible -NULL pointer dereference. - -Author: mancha - -==== - ---- yp-tools-2.14/src/yppasswd.c.orig 2010-04-21 -+++ yp-tools-2.14/src/yppasswd.c 2013-05-22 -@@ -423,6 +423,7 @@ static int /* return values: 0 = not ok, - verifypassword (struct passwd *pwd, char *pwdstr, uid_t uid) - { - char *p, *q; -+ char *crypted_pass; - int ucase, lcase, other, r; - int passwdlen; - -@@ -448,12 +449,19 @@ verifypassword (struct passwd *pwd, char - } - - passwdlen = get_passwd_len (pwd->pw_passwd); -- if (pwd->pw_passwd[0] -- && !strncmp (pwd->pw_passwd, crypt (pwdstr, pwd->pw_passwd), passwdlen) -- && uid) -+ if (pwd->pw_passwd[0] && uid) - { -- fputs (_("You cannot reuse the old password.\n"), stderr); -- return 0; -+ crypted_pass = crypt (pwdstr, pwd->pw_passwd); -+ if (crypted_pass == NULL) -+ { -+ fputs (_("crypt() call failed.\n"), stderr); -+ return 0; -+ } -+ if (!strncmp (pwd->pw_passwd, crypted_pass, passwdlen)) -+ { -+ fputs (_("You cannot reuse the old password.\n"), stderr); -+ return 0; -+ } - } - - r = 0; -@@ -517,6 +525,7 @@ int - main (int argc, char **argv) - { - char *s, *progname, *domainname = NULL, *user = NULL, *master = NULL; -+ char *crypted_pass; - int f_flag = 0, l_flag = 0, p_flag = 0, error, status; - int hash_id = DES; - char rounds[11] = "\0"; /* max length is '999999999$' */ -@@ -738,7 +747,13 @@ main (int argc, char **argv) - char *sane_passwd = alloca (passwdlen + 1); - strncpy (sane_passwd, pwd->pw_passwd, passwdlen); - sane_passwd[passwdlen] = 0; -- if (strcmp (crypt (s, sane_passwd), sane_passwd)) -+ crypted_pass = crypt (s, sane_passwd); -+ if (crypted_pass == NULL) -+ { -+ fprintf (stderr, _("crypt() call failed.\n")); -+ return 1; -+ } -+ if (strcmp (crypted_pass, sane_passwd)) - { - fprintf (stderr, _("Sorry.\n")); - return 1; -@@ -833,7 +848,14 @@ main (int argc, char **argv) - break; - } - -- yppwd.newpw.pw_passwd = strdup (crypt (buf, salt)); -+ crypted_pass = crypt (buf, salt); -+ if (crypted_pass == NULL) -+ { -+ printf (_("crypt() call failed - password unchanged.\n")); -+ return 1; -+ } -+ -+ yppwd.newpw.pw_passwd = strdup (crypted_pass); - } - - if (f_flag) |