polachok's projects / dragonfly.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c9155ff) | patch
Fix for password truncation when using crypt(3) with DES
authorAggelos Economopoulos <aoiko@cc.ece.ntua.gr>
Wed, 30 May 2012 14:03:21 +0000 (16:03 +0200)
committerAggelos Economopoulos <aoiko@cc.ece.ntua.gr>
Wed, 30 May 2012 14:03:21 +0000 (16:03 +0200)
commit258ad0e4ed39d0c826df841276397d7d1c2365a3
tree4d2f1d9f51af0023d1772125b3b5c7015404aa3ftree | snapshot
parentc9155fffe7e022279a469b24472bad1be1eccb33commit | diff
Fix for password truncation when using crypt(3) with DES

Passwords containing a 0x80 byte (UTF-8 encoded ones, ASCII and
ISO-8859-* not affected) would get truncated as if a '\0' byte
had been encountered. This could result in some very weak passwords.

Reported-by: Rubin Xu, Joseph Bonneau, Donting Yu (CVE-2012-2143)
secure/lib/libcrypt/crypt-des.c diff | blob | blame | history
polachok's DragonFly repo