Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 23 Apr 2012 14:23:52 -0400 (EDT)
From: Paul Wouters <pwouters@...hat.com>
To: passwdqc-users@...ts.openwall.com
Subject: Patch for crypt() possible returning NULL


crypt() can return NULL, but the passwdqc code assumes it always
returns a valid pointer.

This can happen when the machine is in FIPS mode, but the requested
crypt() method via the $x$ modifier specifies a prohibited hashing
method.

Paul
diff -Naur passwdqc-1.2.2-orig/pam_passwdqc.c passwdqc-1.2.2/pam_passwdqc.c
--- passwdqc-1.2.2-orig/pam_passwdqc.c	2010-06-22 15:39:27.000000000 -0400
+++ passwdqc-1.2.2/pam_passwdqc.c	2012-04-23 14:11:23.676495390 -0400
@@ -186,9 +186,9 @@
 
 static int check_pass(struct passwd *pw, const char *pass)
 {
+	const char *hash;
 #ifdef HAVE_SHADOW
 	struct spwd *spw;
-	const char *hash;
 	int retval;
 
 #ifdef __hpux
@@ -205,13 +205,20 @@
 #else
 		hash = crypt(pass, spw->sp_pwdp);
 #endif
+		if(hash == NULL)
+			return -1;
+
 		retval = strcmp(hash, spw->sp_pwdp) ? -1 : 0;
 		memset(spw->sp_pwdp, 0, strlen(spw->sp_pwdp));
 		return retval;
 	}
 #endif
 
-	return strcmp(crypt(pass, pw->pw_passwd), pw->pw_passwd) ? -1 : 0;
+	hash = crypt(pass, pw->pw_passwd);
+	if(hash == NULL)
+		return -1;
+
+	return strcmp(hash, pw->pw_passwd) ? -1 : 0;
 }
 
 static int am_root(pam_handle_t *pamh)

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ