Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 09 Aug 1999 17:40:36 -0400
From:      smkelly@slashnet.org
To:        FreeBSD-gnats-submit@freebsd.org, sno@silver.slashnet.org
Subject:   misc/13047: FreeBSD libcrypt bug?
Message-ID:  <E11Dx9o-0002B6-00@area51.slashnet.org>
next in thread | raw e-mail | index | archive | help 

>Number:         13047
>Category:       misc
>Synopsis:       crypt() with 2 char salt is not returning 13 character backwards compatible strings
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Aug  9 14:50:01 PDT 1999
>Closed-Date:
>Last-Modified:
>Originator:     Sean Kelly
>Release:        FreeBSD 3.2-STABLE i386
>Organization:
>Environment:

	

>Description:

	The libcrypt.so.2 library contains the crypt() function.
	Other implimentations only support a format with a two
	character salt which generates a 13 character password.
	The FreeBSD crypt(3) manpage says that there is backward
	compatibility for such things if the 'setting' (second
	argument passed to crypt()) is just two characters.
	However, I am getting >13 character passwords even by
	using the compatible mode that the manpage described.
	This breaks some programs such as Internet Relay Chat
	Daemons that use crypted passwords on many platforms.

>How-To-Repeat:

	(1) smkelly@area51:~$ cat <<EOF >crypt.c
	> #include <stdio.h>
	> #include <unistd.h>
	> int main()
	> {
	> printf("Compat: %s\n", crypt("FreeBSD", "42"));
	> printf("Incompat: %s\n", crypt("FreeBSD", "_DEADBEEF"));
	> return 0;
	> }
	> EOF
	(2) smkelly@area51:~$ gcc -o crypt crypt.c -lcrypt
	(3) smkelly@area51:~$ ./crypt
	Compat: $1$42$2kP4RJzDJDeJaNnfz6kAD1
	Incompat: $1$_DEADBEE$qewOsrc1LJwwvGy7HmsLp0


>Fix:
	
	In the example, the Compat: should read '42RsTfgD2n9Gs'.
	Libcrypt needs to be fixed so it is backward compatible again.

>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E11Dx9o-0002B6-00>