183130227/tn3399_openwrt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1211832977
tn3399_openwrt/package/utils/busybox
History
Jo-Philipp Wich 1211832977 busybox: handle crypt() errors in loginutils 
The crypt(3) function is allowed to fail with either EINVAL or ENOSYS when
the given salt is either invalid or when the requested algorithm is not
implemented.

In such a case, libbb's pw_encrypt() function will silently convert the
crypt() NULL return value into an empty string which is then processed
without further errors by utilities such as chpasswd or passwd, causing
them to set an empty password when an unsupported cipher is requested.

Patch the relevant users of pw_encrypt() to abort in case an empty hash
is returned by pw_encrypt() in order to mitigate the problem.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-22 12:08:00 +01:00
..
config busybox: update to 1.30.0 2019-01-01 14:10:47 +01:00
files procd: Add wrapper for uci_validate_section() 2019-01-22 09:05:59 +01:00
patches busybox: handle crypt() errors in loginutils 2019-01-22 12:08:00 +01:00
Config-defaults.in busybox: update to 1.30.0 2019-01-01 14:10:47 +01:00
Config.in busybox: include config files relative to the main Config.in (#18522) 2014-12-12 12:33:34 +00:00
convert_defaults.pl busybox: add a reworked implementation of menuconfig support, this time with a guard option that keeps all symbols at default values until an extra option is activated 2014-01-31 13:50:16 +00:00
convert_menuconfig.pl busybox: adjust convert_menuconfig.pl to emit relative path references for Config.in files and refresh generated files 2016-01-03 11:38:31 +00:00
Makefile busybox: handle crypt() errors in loginutils 2019-01-22 12:08:00 +01:00