git.librecmc.org Git - oweals/openwrt.git/commit

author	Jo-Philipp Wich <jo@mein.io>
	Tue, 22 Jan 2019 11:01:09 +0000 (12:01 +0100)
committer	Jo-Philipp Wich <jo@mein.io>
	Tue, 22 Jan 2019 11:08:00 +0000 (12:08 +0100)
commit	1211832977b98c491d1198ab66c4f8ffc0886a87
tree	c0ecece94e3ab17b967d5401f48d4c944a083381	tree \| snapshot
parent	5d1399788ac2bd0fe53b9b727ba38cf2060de8fc	commit \| diff

busybox: handle crypt() errors in loginutils

The crypt(3) function is allowed to fail with either EINVAL or ENOSYS when
the given salt is either invalid or when the requested algorithm is not
implemented.

In such a case, libbb's pw_encrypt() function will silently convert the
crypt() NULL return value into an empty string which is then processed
without further errors by utilities such as chpasswd or passwd, causing
them to set an empty password when an unsupported cipher is requested.

Patch the relevant users of pw_encrypt() to abort in case an empty hash
is returned by pw_encrypt() in order to mitigate the problem.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

package/utils/busybox/Makefile		diff \| blob \| history
package/utils/busybox/patches/520-loginutils-handle-crypt-failures.patch	[new file with mode: 0644]	blob