slackware-current/source/n/yptools/yp-tools-2.14-glibc217-crypt.diff

Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL
(w/ NULL return) if the salt violates specifications. Additionally,
on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords
passed to crypt() fail with EPERM (w/ NULL return).

If using glibc's crypt(), check return value to avoid a possible
NULL pointer dereference.

Author: mancha

====

--- yp-tools-2.14/src/yppasswd.c.orig	2010-04-21
+++ yp-tools-2.14/src/yppasswd.c	2013-05-22
@@ -423,6 +423,7 @@ static int /* return values: 0 = not ok,
 verifypassword (struct passwd *pwd, char *pwdstr, uid_t uid)
 {
   char *p, *q;
+  char *crypted_pass;
   int ucase, lcase, other, r;
   int passwdlen;
 
@@ -448,12 +449,19 @@ verifypassword (struct passwd *pwd, char
     }
 
   passwdlen = get_passwd_len (pwd->pw_passwd);
-  if (pwd->pw_passwd[0]
-      && !strncmp (pwd->pw_passwd, crypt (pwdstr, pwd->pw_passwd), passwdlen)
-      && uid)
+  if (pwd->pw_passwd[0] && uid)
     {
-      fputs (_("You cannot reuse the old password.\n"), stderr);
-      return 0;
+      crypted_pass = crypt (pwdstr, pwd->pw_passwd);
+      if (crypted_pass == NULL)
+        {
+          fputs (_("crypt() call failed.\n"), stderr);
+          return 0;
+        }
+      if (!strncmp (pwd->pw_passwd, crypted_pass, passwdlen))
+        {
+          fputs (_("You cannot reuse the old password.\n"), stderr);
+          return 0;
+        }
     }
 
   r = 0;
@@ -517,6 +525,7 @@ int
 main (int argc, char **argv)
 {
   char *s, *progname, *domainname = NULL, *user = NULL, *master = NULL;
+  char *crypted_pass;
   int f_flag = 0, l_flag = 0, p_flag = 0, error, status;
   int hash_id = DES;
   char rounds[11] = "\0"; /* max length is '999999999$' */
@@ -738,7 +747,13 @@ main (int argc, char **argv)
 	  char *sane_passwd = alloca (passwdlen + 1);
 	  strncpy (sane_passwd, pwd->pw_passwd, passwdlen);
 	  sane_passwd[passwdlen] = 0;
-	  if (strcmp (crypt (s, sane_passwd), sane_passwd))
+	  crypted_pass = crypt (s, sane_passwd);
+	  if (crypted_pass == NULL)
+	    {
+	      fprintf (stderr, _("crypt() call failed.\n"));
+	      return 1;
+	    }
+	  if (strcmp (crypted_pass, sane_passwd))
 	    {
 	      fprintf (stderr, _("Sorry.\n"));
 	      return 1;
@@ -833,7 +848,14 @@ main (int argc, char **argv)
 	  break;
 	}
 
-      yppwd.newpw.pw_passwd = strdup (crypt (buf, salt));
+      crypted_pass = crypt (buf, salt);
+      if (crypted_pass == NULL)
+        {
+	  printf (_("crypt() call failed - password unchanged.\n"));
+	  return 1;
+        }
+
+      yppwd.newpw.pw_passwd = strdup (crypted_pass);
     }
 
   if (f_flag)
Slackware 14.1 Mon Nov 4 17:08:47 UTC 2013 Slackware 14.1 x86_64 stable is released! It's been another interesting release cycle here at Slackware bringing new features like support for UEFI machines, updated compilers and development tools, the switch from MySQL to MariaDB, and many more improvements throughout the system. Thanks to the team, the upstream developers, the dedicated Slackware community, and everyone else who pitched in to help make this release a reality. The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a dual-sided 32-bit/64-bit x86/x86_64 DVD. Please consider supporting the Slackware project by picking up a copy from store.slackware.com. We're taking pre-orders now, and offer a discount if you sign up for a subscription. Have fun! :-) 2013-11-04 18:08:47 +01:00			`Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL`
			`(w/ NULL return) if the salt violates specifications. Additionally,`
			`on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords`
			`passed to crypt() fail with EPERM (w/ NULL return).`

			`If using glibc's crypt(), check return value to avoid a possible`
			`NULL pointer dereference.`

			`Author: mancha`

			`====`

			`--- yp-tools-2.14/src/yppasswd.c.orig 2010-04-21`
			`+++ yp-tools-2.14/src/yppasswd.c 2013-05-22`
			`@@ -423,6 +423,7 @@ static int /* return values: 0 = not ok,`
			`verifypassword (struct passwd pwd, char pwdstr, uid_t uid)`
			`{`
			`char p, q;`
			`+ char *crypted_pass;`
			`int ucase, lcase, other, r;`
			`int passwdlen;`

			`@@ -448,12 +449,19 @@ verifypassword (struct passwd *pwd, char`
			`}`

			`passwdlen = get_passwd_len (pwd->pw_passwd);`
			`- if (pwd->pw_passwd[0]`
			`- && !strncmp (pwd->pw_passwd, crypt (pwdstr, pwd->pw_passwd), passwdlen)`
			`- && uid)`
			`+ if (pwd->pw_passwd[0] && uid)`
			`{`
			`- fputs (_("You cannot reuse the old password.\n"), stderr);`
			`- return 0;`
			`+ crypted_pass = crypt (pwdstr, pwd->pw_passwd);`
			`+ if (crypted_pass == NULL)`
			`+ {`
			`+ fputs (_("crypt() call failed.\n"), stderr);`
			`+ return 0;`
			`+ }`
			`+ if (!strncmp (pwd->pw_passwd, crypted_pass, passwdlen))`
			`+ {`
			`+ fputs (_("You cannot reuse the old password.\n"), stderr);`
			`+ return 0;`
			`+ }`
			`}`

			`r = 0;`
			`@@ -517,6 +525,7 @@ int`
			`main (int argc, char **argv)`
			`{`
			`char s, progname, domainname = NULL, user = NULL, *master = NULL;`
			`+ char *crypted_pass;`
			`int f_flag = 0, l_flag = 0, p_flag = 0, error, status;`
			`int hash_id = DES;`
			`char rounds[11] = "\0"; /* max length is '999999999$' */`
			`@@ -738,7 +747,13 @@ main (int argc, char **argv)`
			`char *sane_passwd = alloca (passwdlen + 1);`
			`strncpy (sane_passwd, pwd->pw_passwd, passwdlen);`
			`sane_passwd[passwdlen] = 0;`
			`- if (strcmp (crypt (s, sane_passwd), sane_passwd))`
			`+ crypted_pass = crypt (s, sane_passwd);`
			`+ if (crypted_pass == NULL)`
			`+ {`
			`+ fprintf (stderr, _("crypt() call failed.\n"));`
			`+ return 1;`
			`+ }`
			`+ if (strcmp (crypted_pass, sane_passwd))`
			`{`
			`fprintf (stderr, _("Sorry.\n"));`
			`return 1;`
			`@@ -833,7 +848,14 @@ main (int argc, char **argv)`
			`break;`
			`}`

			`- yppwd.newpw.pw_passwd = strdup (crypt (buf, salt));`
			`+ crypted_pass = crypt (buf, salt);`
Slackware 14.2 Thu Jun 30 20:26:57 UTC 2016 Slackware 14.2 x86_64 stable is released! The long development cycle (the Linux community has lately been living in "interesting times", as they say) is finally behind us, and we're proud to announce the release of Slackware 14.2. The new release brings many updates and modern tools, has switched from udev to eudev (no systemd), and adds well over a hundred new packages to the system. Thanks to the team, the upstream developers, the dedicated Slackware community, and everyone else who pitched in to help make this release a reality. The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a dual-sided 32-bit/64-bit x86/x86_64 DVD. Please consider supporting the Slackware project by picking up a copy from store.slackware.com. We're taking pre-orders now, and offer a discount if you sign up for a subscription. Have fun! :-) 2016-06-30 22:26:57 +02:00			`+ if (crypted_pass == NULL)`
Slackware 14.1 Mon Nov 4 17:08:47 UTC 2013 Slackware 14.1 x86_64 stable is released! It's been another interesting release cycle here at Slackware bringing new features like support for UEFI machines, updated compilers and development tools, the switch from MySQL to MariaDB, and many more improvements throughout the system. Thanks to the team, the upstream developers, the dedicated Slackware community, and everyone else who pitched in to help make this release a reality. The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a dual-sided 32-bit/64-bit x86/x86_64 DVD. Please consider supporting the Slackware project by picking up a copy from store.slackware.com. We're taking pre-orders now, and offer a discount if you sign up for a subscription. Have fun! :-) 2013-11-04 18:08:47 +01:00			`+ {`
			`+ printf (_("crypt() call failed - password unchanged.\n"));`
			`+ return 1;`
			`+ }`
			`+`
			`+ yppwd.newpw.pw_passwd = strdup (crypted_pass);`
			`}`

			`if (f_flag)`