libbb: make pw_encrypt() die if supplied salt is bad (e.g. emply)

Fished from 520-loginutils-handle-crypt-failures.patch in openwrt function old new delta pw_encrypt 913 927 +14 des_crypt 1327 1318 -9 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 1/1 up/down: 14/-9) Total: 5 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
author: Denys Vlasenko <vda.linux@googlemail.com> 2020-12-15 23:19:22 +0100
committer: Denys Vlasenko <vda.linux@googlemail.com> 2020-12-15 23:19:22 +0100
commit: 73d93d9f83180a6149f363aaca131e281d2a52ff (patch)
tree: ae75b7d6f386436586943ab16434ab29e60a6e5d /libbb/pw_encrypt_des.c
parent: f3d6711c971cde8ed3890a47020c5083a383e606 (diff)
download: busybox-w32-73d93d9f83180a6149f363aaca131e281d2a52ff.tar.gz
busybox-w32-73d93d9f83180a6149f363aaca131e281d2a52ff.tar.bz2
busybox-w32-73d93d9f83180a6149f363aaca131e281d2a52ff.zip
1 files changed, 11 insertions, 14 deletions
diff --git a/libbb/pw_encrypt_des.c b/libbb/pw_encrypt_des.c
index c6fc328d8..dcd3521e2 100644
--- a/libbb/pw_encrypt_des.c
+++ b/libbb/pw_encrypt_des.c
@@ -713,11 +713,15 @@ to64_msb_first(char *s, unsigned v)
 static char *
 NOINLINE
 des_crypt(struct des_ctx *ctx, char output[DES_OUT_BUFSIZE],
-                const unsigned char *key, const unsigned char *setting)
+                const unsigned char *key, const unsigned char *salt_str)
 {
        uint32_t salt, r0, r1, keybuf[2];
        uint8_t *q;
+        /* Bad salt? Mimic crypt() API - return NULL */
+        if (!salt_str[0] || !salt_str[1])
+                return NULL;
        /*
         * Copy the key, shifting each character up by one bit
         * and padding with zeros.
@@ -732,22 +736,15 @@ des_crypt(struct des_ctx *ctx, char output[DES_OUT_BUFSIZE],
        des_setkey(ctx, (char *)keybuf);
        /*
-         * setting - 2 bytes of salt
+         * salt_str - 2 bytes of salt
         * key - up to 8 characters
         */
-        salt = (ascii_to_bin(setting[1]) << 6)
+        output[0] = salt_str[0];
-             |  ascii_to_bin(setting[0]);
+        output[1] = salt_str[1];
+        salt = (ascii_to_bin(salt_str[1]) << 6)
-        output[0] = setting[0];
+             |  ascii_to_bin(salt_str[0]);
-        /*
-         * If the encrypted password that the salt was extracted from
-         * is only 1 character long, the salt will be corrupted.  We
-         * need to ensure that the output string doesn't have an extra
-         * NUL in it!
-         */
-        output[1] = setting[1] ? setting[1] : output[0];
        setup_salt(ctx, salt);
        /* Do it. */
        do_des(ctx, /*0, 0,*/ &r0, &r1, 25 /* count */);
author	Denys Vlasenko <vda.linux@googlemail.com>	2020-12-15 23:19:22 +0100
committer	Denys Vlasenko <vda.linux@googlemail.com>	2020-12-15 23:19:22 +0100
commit	73d93d9f83180a6149f363aaca131e281d2a52ff (patch)
tree	ae75b7d6f386436586943ab16434ab29e60a6e5d /libbb/pw_encrypt_des.c
parent	f3d6711c971cde8ed3890a47020c5083a383e606 (diff)
download	busybox-w32-73d93d9f83180a6149f363aaca131e281d2a52ff.tar.gz busybox-w32-73d93d9f83180a6149f363aaca131e281d2a52ff.tar.bz2 busybox-w32-73d93d9f83180a6149f363aaca131e281d2a52ff.zip

diff --git a/libbb/pw_encrypt_des.c b/libbb/pw_encrypt_des.c index c6fc328d8..dcd3521e2 100644 --- a/libbb/pw_encrypt_des.c +++ b/libbb/pw_encrypt_des.c
@@ -713,11 +713,15 @@ to64_msb_first(char *s, unsigned v)
713	static char *	713	static char *
714	NOINLINE	714	NOINLINE
715	des_crypt(struct des_ctx *ctx, char output[DES_OUT_BUFSIZE],	715	des_crypt(struct des_ctx *ctx, char output[DES_OUT_BUFSIZE],
716	const unsigned char key, const unsigned char setting)	716	const unsigned char key, const unsigned char salt_str)
717	{	717	{
718	uint32_t salt, r0, r1, keybuf[2];	718	uint32_t salt, r0, r1, keybuf[2];
719	uint8_t *q;	719	uint8_t *q;
720		720
		721	/* Bad salt? Mimic crypt() API - return NULL */
		722	if (!salt_str[0] \|\| !salt_str[1])
		723	return NULL;
		724
721	/*	725	/*
722	* Copy the key, shifting each character up by one bit	726	* Copy the key, shifting each character up by one bit
723	* and padding with zeros.	727	* and padding with zeros.
@@ -732,22 +736,15 @@ des_crypt(struct des_ctx *ctx, char output[DES_OUT_BUFSIZE],
732	des_setkey(ctx, (char *)keybuf);	736	des_setkey(ctx, (char *)keybuf);
733		737
734	/*	738	/*
735	* setting - 2 bytes of salt	739	* salt_str - 2 bytes of salt
736	* key - up to 8 characters	740	* key - up to 8 characters
737	*/	741	*/
738	salt = (ascii_to_bin(setting[1]) << 6)	742	output[0] = salt_str[0];
739	\| ascii_to_bin(setting[0]);	743	output[1] = salt_str[1];
740		744	salt = (ascii_to_bin(salt_str[1]) << 6)
741	output[0] = setting[0];	745	\| ascii_to_bin(salt_str[0]);
742	/*
743	* If the encrypted password that the salt was extracted from
744	* is only 1 character long, the salt will be corrupted. We
745	* need to ensure that the output string doesn't have an extra
746	* NUL in it!
747	*/
748	output[1] = setting[1] ? setting[1] : output[0];
749
750	setup_salt(ctx, salt);	746	setup_salt(ctx, salt);
		747
751	/* Do it. */	748	/* Do it. */
752	do_des(ctx, /0, 0,/ &r0, &r1, 25 /* count */);	749	do_des(ctx, /0, 0,/ &r0, &r1, 25 /* count */);
753		750