Date: 28 Jun 1998 02:42:08 +0900
From: Just Another Perl Hacker <japh@gol.com>
To: FreeBSD-bugs@FreeBSD.ORG
Subject: Re: bin/7090: crypt(3) partially returns raw password when salt isn't null-terminated
Message-ID: <oiulmvj0v.fsf@mew.gol.ad.jp>
In-Reply-To: Poul-Henning Kamp's message of "Sat, 27 Jun 1998 09:20:01 -0700 (PDT)"
References: <199806271620.JAA29831@freefall.freebsd.org>
Poul-Henning Kamp <phk@critter.freebsd.dk> writes:
> The following reply was made to PR bin/7090; it has been noted by GNATS.
>
> From: Poul-Henning Kamp <phk@critter.freebsd.dk>
> To: japh@gol.com
> Cc: FreeBSD-gnats-submit@FreeBSD.ORG
> Subject: Re: bin/7090: crypt(3) partially returns raw password when salt isn't null-terminated
> Date: Sat, 27 Jun 1998 18:10:57 +0200
>
> > MD5 based crypt(3) in libcrypt.{a,so.maj.min} as distributed
> > by FreeBSD returns a portion of the password in the clear,
> > when the salt isn't terminated by a null character.
> >
> > Example:
> >
> > crypt("abcdefgh","YX") returns <$1$YXabcdef$.tHXoLufzR8OYyH4BBghm1
> > ^^^^^^
> > This problem surfaces when an application that assumes a salt
> > is an array of two characters with no trailing null character
> > calls crypt(3). Such an example is xlock(1), with USE_XLOCKRC
> > defined in the compilation.
>
> Then xlock doesn't use the crypt API correctly and should be fixed.
It does.
The conventional crypt(3) expects a salt to have the length of two
characters, with no trailing null character. Refer to the manpages of
other operating systems, e.g. BSD/OS, Linux, Sun.
It is therefore FreeBSD's fault in not expecting non-terminated salts,
while providing a compatible API with an incompatible behaviour which
results in the blatantly wrong output. You missed my point.
For the note: I have just discovered that des_cipher(3) does indeed
take a salt as a 4 byte integer, although the API isn't a replacement
of crypt(3).
--
Junichi Kurokawa <japh@gol.com>
Global Online Japan Corporation, Tokyo
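An added C example (not code from the PR, from xlock, or from FreeBSD's libcrypt) that models the salt scan the quoted "$1$YXabcdef$" output implies, reproduces it from a constructed memory layout where a two-byte salt sits directly in front of the password, shows the NUL-terminated salt a caller should pass, and adds a check a caller can run on the returned hash. The scan rule (skip "$1$", stop at '$' or NUL, at most 8 bytes) is an assumption consistent with the output quoted in the PR.

```c
#include <stdio.h>
#include <string.h>

/* md5crypt-style salt scan (assumed behaviour, consistent with the
   "$1$YXabcdef$" output in the PR): skip an optional "$1$" magic, then
   take bytes up to the first '$' or NUL, but never more than 8.
   Copies the salt into out and returns its length. */
size_t md5crypt_salt_scan(const char *salt, char out[9]) {
    const char *sp = salt, *ep;
    if (strncmp(sp, "$1$", 3) == 0)
        sp += 3;
    for (ep = sp; *ep != '\0' && *ep != '$' && ep < sp + 8; ep++)
        ;
    memcpy(out, sp, (size_t)(ep - sp));
    out[ep - sp] = '\0';
    return (size_t)(ep - sp);
}

/* Scan a salt and compare it with what the caller meant to pass. */
int scan_yields(const char *salt, const char *expected) {
    char out[9];
    md5crypt_salt_scan(salt, out);
    return strcmp(out, expected) == 0;
}

/* Constructed layout of a caller that keeps a two-byte salt with no
   terminator immediately before the password (one array, so the scan
   stays inside defined memory). Returns what the scan picks up. */
const char *unsafe_layout_salt(void) {
    static char mem[11], out[9];
    memcpy(mem, "YX", 2);            /* salt: two bytes, no NUL */
    strcpy(mem + 2, "abcdefgh");     /* password follows directly */
    md5crypt_salt_scan(mem, out);    /* picks up "YXabcdef" */
    return out;
}

/* Defensive check for a caller: the salt field of "$1$<salt>$..." must be
   exactly the intended salt, otherwise the hash carries password bytes. */
int salt_field_matches(const char *hash, const char *intended_salt) {
    size_t n = strlen(intended_salt);
    const char *end;
    if (strncmp(hash, "$1$", 3) != 0)
        return 0;
    end = strchr(hash + 3, '$');
    if (end == NULL)
        return 0;
    return (size_t)(end - (hash + 3)) == n &&
           strncmp(hash + 3, intended_salt, n) == 0;
}

int main(void) {
    char terminated[3] = "YX";       /* caller-side fix: NUL-terminated salt */
    printf("unsafe layout scans as \"%s\"\n", unsafe_layout_salt());
    printf("terminated salt ok: %d\n", scan_yields(terminated, "YX"));
    printf("PR output salt ok: %d\n",
           salt_field_matches("$1$YXabcdef$.tHXoLufzR8OYyH4BBghm1", "YX"));
    return 0;
}
```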
