Fix for password truncation when using crypt(3) with DES
authorAggelos Economopoulos <aoiko@cc.ece.ntua.gr>
Wed, 30 May 2012 14:03:21 +0000 (16:03 +0200)
committerAggelos Economopoulos <aoiko@cc.ece.ntua.gr>
Wed, 30 May 2012 14:03:21 +0000 (16:03 +0200)
Passwords containing a 0x80 byte (UTF-8 encoded ones, ASCII and
ISO-8859-* not affected) would get truncated as if a '\0' byte
had been encountered. This could result in some very weak passwords.

Reported-by: Rubin Xu, Joseph Bonneau, Donting Yu (CVE-2012-2143)
secure/lib/libcrypt/crypt-des.c

index 9387751..a1e93d3 100644 (file)
@@ -602,7 +602,8 @@ crypt_des(const char *key, const char *setting)
         */
        q = (u_char *) keybuf;
        while (q - (u_char *) keybuf - 8) {
-               if ((*q++ = *key << 1))
+               *q++ = *key << 1;
+               if (*key != '\0')
                        key++;
        }
        if (des_setkey((u_char *) keybuf))