/*
* Added more values to handle illegal salt values the way normal crypt()
- * implementations do. The patch was sent by Bjorn Gronvall <bg@sics.se>
+ * implementations do.
*/
static unsigned const char con_salt[128] = {
0xD2, 0xD3, 0xD4, 0xD5, 0xD6, 0xD7, 0xD8, 0xD9,
static char buff[14];
#ifndef CHARSET_EBCDIC
- return (DES_fcrypt(buf, salt, buff));
+ return DES_fcrypt(buf, salt, buff);
#else
char e_salt[2 + 1];
char e_buf[32 + 1]; /* replace 32 by 8 ? */
char *ret;
- /* Copy at most 2 chars of salt */
- if ((e_salt[0] = salt[0]) != '\0')
- e_salt[1] = salt[1];
+ if (salt[0] == '\0' || salt[1] == '\0')
+ return NULL;
- /* Copy at most 32 chars of password */
- strncpy(e_buf, buf, sizeof(e_buf));
+ /* Copy salt, convert to ASCII. */
+ e_salt[0] = salt[0];
+ e_salt[1] = salt[1];
+ e_salt[2] = '\0';
+ ebcdic2ascii(e_salt, e_salt, sizeof(e_salt));
- /* Make sure we have a delimiter */
- e_salt[sizeof(e_salt) - 1] = e_buf[sizeof(e_buf) - 1] = '\0';
+ /* Convert password to ASCII. */
+ OPENSSL_strlcpy(e_buf, buf, sizeof(e_buf));
+ ebcdic2ascii(e_buf, e_buf, sizeof(e_buf));
- /* Convert the e_salt to ASCII, as that's what DES_fcrypt works on */
- ebcdic2ascii(e_salt, e_salt, sizeof e_salt);
-
- /* Convert the cleartext password to ASCII */
- ebcdic2ascii(e_buf, e_buf, sizeof e_buf);
-
- /* Encrypt it (from/to ASCII) */
+ /* Encrypt it (from/to ASCII); if it worked, convert back. */
ret = DES_fcrypt(e_buf, e_salt, buff);
-
- /* Convert the result back to EBCDIC */
- ascii2ebcdic(ret, ret, strlen(ret));
+ if (ret != NULL)
+ ascii2ebcdic(ret, ret, strlen(ret));
return ret;
#endif
unsigned char *b = bb;
unsigned char c, u;
- /*
- * eay 25/08/92 If you call crypt("pwd","*") as often happens when you
- * have * as the pwd field in /etc/passwd, the function returns
- * *\0XXXXXXXXX The \0 makes the string look like * so the pwd "*" would
- * crypt to "*". This was found when replacing the crypt in our shared
- * libraries. People found that the disabled accounts effectively had no
- * passwd :-(.
- */
-#ifndef CHARSET_EBCDIC
- x = ret[0] = ((salt[0] == '\0') ? 'A' : salt[0]);
+ x = ret[0] = salt[0];
+ if (x == 0 || x >= sizeof(con_salt))
+ return NULL;
Eswap0 = con_salt[x] << 2;
- x = ret[1] = ((salt[1] == '\0') ? 'A' : salt[1]);
+ x = ret[1] = salt[1];
+ if (x == 0 || x >= sizeof(con_salt))
+ return NULL;
Eswap1 = con_salt[x] << 6;
-#else
- x = ret[0] = ((salt[0] == '\0') ? os_toascii['A'] : salt[0]);
- Eswap0 = con_salt[x] << 2;
- x = ret[1] = ((salt[1] == '\0') ? os_toascii['A'] : salt[1]);
- Eswap1 = con_salt[x] << 6;
-#endif
/*
* EAY r=strlen(buf); r=(r+7)/8;
ret[i] = cov_2char[c];
}
ret[13] = '\0';
- return (ret);
+ return ret;
}
projects / oweals / openssl.git / blobdiff