hofmann's projects / dragonfly.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 841c6f6) | patch
Fix for password truncation when using crypt(3) with DES
authorAggelos Economopoulos <aoiko@cc.ece.ntua.gr>
Wed, 30 May 2012 14:03:21 +0000 (16:03 +0200)
committerSascha Wildner <saw@online.de>
Thu, 31 May 2012 16:31:06 +0000 (18:31 +0200)
commit4aea093ab000a69c4b50678bf207d046dfdb8428
treeb6d41527777c0d388d196cf7001d6b21a917b823tree | snapshot
parent841c6f6afda3745508e4b60b45903dfccd6e779ccommit | diff
Fix for password truncation when using crypt(3) with DES

Passwords containing a 0x80 byte (UTF-8 encoded ones, ASCII and
ISO-8859-* not affected) would get truncated as if a '\0' byte
had been encountered. This could result in some very weak passwords.

Reported-by: Rubin Xu, Joseph Bonneau, Donting Yu (CVE-2012-2143)
secure/lib/libcrypt/crypt-des.c diff | blob | blame | history
hofmann's DragonFly repo