From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 192277] New: crypt(3) regression
Date: Wed, 30 Jul 2014 18:37:55 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192277

            Bug ID: 192277
           Summary: crypt(3) regression
           Product: Base System
           Version: 9.3-RELEASE
          Hardware: Any
                OS: Any
            Status: Needs Triage
          Severity: Affects Many People
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: lampa@fit.vutbr.cz

#include <stdio.h>
#include <unistd.h>

int main()
{
    char *p;

    /* salt without a "$" prefix, i.e. Traditional format */
    p = crypt("12345678", "1234");
    printf("hash = %s\n", p);
}

The result is sha512

hash = $6$1234$YlCaDQ/VIZKWwIo2tmk5UTOuoVbHSCBk8.4kcEXuwEVM2CDbAJOGIIPDK5DYedDT0Es/Rj2CSoD8LCpLhu8gy1

According to the man page, it should return a DES format hash. This is a serious regression; it can result in a buffer overflow in old applications that don't expect anything else (I have been beaten by one such). IMHO historically incompatible behavior can happen only in the Modular case. Both Modular and Traditional format salt should result in a DES format hash in the default case (without crypt_set_format), exactly like the man page says:

man 3 crypt

Traditional crypt:

The algorithm used will depend upon whether crypt_set_format() has been called and whether a global default format has been specified. Unless a global default has been specified or crypt_set_format() has set the format to something else, the built-in default format is used. This is currently DES if it is available, or MD5 if not.

-- 
You are receiving this mail because:
You are the assignee for the bug.
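
Added example, not part of the original report and not FreeBSD code: a caller that stores crypt(3) output in a buffer sized for a 13-character DES hash can check the shape of the returned string before copying, so a longer Modular-format result like the one in the report is rejected instead of overflowing. The names classify_crypt and store_des_hash and the DES-shaped sample string are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DES_HASH_LEN 13 /* traditional DES crypt: 2 salt + 11 hash characters */

enum crypt_kind { CRYPT_INVALID, CRYPT_DES, CRYPT_MODULAR };

/* Classify a string as returned by crypt(3) by its shape alone. */
enum crypt_kind classify_crypt(const char *h)
{
    static const char alphabet[] =
        "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

    if (h == NULL || h[0] == '\0')
        return CRYPT_INVALID;
    if (h[0] == '$')              /* Modular format: $id$salt$hash */
        return CRYPT_MODULAR;
    if (strlen(h) != DES_HASH_LEN || strspn(h, alphabet) != DES_HASH_LEN)
        return CRYPT_INVALID;
    return CRYPT_DES;
}

/* Copy a DES-format hash into a fixed buffer; refuse anything else.
 * Returns 0 on success, -1 (with dst set to "") otherwise. */
int store_des_hash(char *dst, size_t dstsz, const char *h)
{
    if (dst == NULL || dstsz == 0)
        return -1;
    dst[0] = '\0';
    if (classify_crypt(h) != CRYPT_DES || dstsz < DES_HASH_LEN + 1)
        return -1;
    memcpy(dst, h, DES_HASH_LEN + 1);
    return 0;
}

int main(void)
{
    /* The hash from the report, and a constructed DES-shaped string
     * (not a real hash) for comparison. */
    const char *samples[] = {
        "$6$1234$YlCaDQ/VIZKWwIo2tmk5UTOuoVbHSCBk8.4kcEXuwEVM2CDbAJOGIIPDK5DYedDT0Es/Rj2CSoD8LCpLhu8gy1",
        "12abcdefghijk",
    };
    char field[DES_HASH_LEN + 1]; /* sized for a DES hash only (assumed legacy layout) */

    for (size_t i = 0; i < 2; i++)
        printf("len=%zu stored=%s\n", strlen(samples[i]),
               store_des_hash(field, sizeof field, samples[i]) == 0 ? "yes" : "no");
    return 0;
}
```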