libbb: make pw_encrypt() die if supplied salt is bad (e.g. emply)
Fished from 520-loginutils-handle-crypt-failures.patch in openwrt
function old new delta
pw_encrypt 913 927 +14
des_crypt 1327 1318 -9
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 1/1 up/down: 14/-9) Total: 5 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
diff --git a/libbb/pw_encrypt.c b/libbb/pw_encrypt.c
index 47c2069..a60c33c 100644
--- a/libbb/pw_encrypt.c
+++ b/libbb/pw_encrypt.c
@@ -120,6 +120,7 @@
if (!des_cctx)
des_cctx = const_des_init();
des_ctx = des_init(des_ctx, des_cctx);
+ /* Can return NULL if salt is bad ("" or "<one_char>") */
return des_crypt(des_ctx, xzalloc(DES_OUT_BUFSIZE), (unsigned char*)key, (unsigned char*)salt);
}
@@ -137,6 +138,8 @@
char *encrypted;
encrypted = my_crypt(clear, salt);
+ if (!encrypted)
+ bb_simple_error_msg_and_die("bad salt");
if (cleanup)
my_crypt_cleanup();
@@ -148,14 +151,16 @@
char* FAST_FUNC pw_encrypt(const char *clear, const char *salt, int cleanup)
{
- char *s;
+ char *encrypted;
- s = crypt(clear, salt);
+ encrypted = crypt(clear, salt);
/*
* glibc used to return "" on malformed salts (for example, ""),
* but since 2.17 it returns NULL.
*/
- return xstrdup(s ? s : "");
+ if (!encrypted || !encrypted[0])
+ bb_simple_error_msg_and_die("bad salt");
+ return xstrdup(encrypted);
}
#endif