Date: Mon, 09 Aug 1999 17:40:36 -0400 From: smkelly@slashnet.org To: FreeBSD-gnats-submit@freebsd.org, sno@silver.slashnet.org Subject: misc/13047: FreeBSD libcrypt bug? Message-ID: <E11Dx9o-0002B6-00@area51.slashnet.org>
next in thread | raw e-mail | index | archive | help
>Number: 13047 >Category: misc >Synopsis: crypt() with 2 char salt is not returning 13 character backwards compatible strings >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Aug 9 14:50:01 PDT 1999 >Closed-Date: >Last-Modified: >Originator: Sean Kelly >Release: FreeBSD 3.2-STABLE i386 >Organization: >Environment: >Description: The libcrypt.so.2 library contains the crypt() function. Other implimentations only support a format with a two character salt which generates a 13 character password. The FreeBSD crypt(3) manpage says that there is backward compatibility for such things if the 'setting' (second argument passed to crypt()) is just two characters. However, I am getting >13 character passwords even by using the compatible mode that the manpage described. This breaks some programs such as Internet Relay Chat Daemons that use crypted passwords on many platforms. >How-To-Repeat: (1) smkelly@area51:~$ cat <<EOF >crypt.c > #include <stdio.h> > #include <unistd.h> > int main() > { > printf("Compat: %s\n", crypt("FreeBSD", "42")); > printf("Incompat: %s\n", crypt("FreeBSD", "_DEADBEEF")); > return 0; > } > EOF (2) smkelly@area51:~$ gcc -o crypt crypt.c -lcrypt (3) smkelly@area51:~$ ./crypt Compat: $1$42$2kP4RJzDJDeJaNnfz6kAD1 Incompat: $1$_DEADBEE$qewOsrc1LJwwvGy7HmsLp0 >Fix: In the example, the Compat: should read '42RsTfgD2n9Gs'. Libcrypt needs to be fixed so it is backward compatible again. >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E11Dx9o-0002B6-00>