From owner-freebsd-bugs Fri Dec 1 2:50: 8 2000 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id A17F237B401 for ; Fri, 1 Dec 2000 02:50:01 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id eB1Ao1d85285; Fri, 1 Dec 2000 02:50:01 -0800 (PST) (envelope-from gnats) Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 7395937B404 for ; Fri, 1 Dec 2000 02:44:59 -0800 (PST) Received: (from nobody@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id eB1Aixj84532; Fri, 1 Dec 2000 02:44:59 -0800 (PST) (envelope-from nobody) Message-Id: <200012011044.eB1Aixj84532@freefall.freebsd.org> Date: Fri, 1 Dec 2000 02:44:59 -0800 (PST) From: andre@express.ru To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-1.0 Subject: bin/23204: length of salt in crypt() is not the same as described in man 3 crypt Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 23204 >Category: bin >Synopsis: length of salt in crypt() is not the same as described in man 3 crypt >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Dec 01 02:50:01 PST 2000 >Closed-Date: >Last-Modified: >Originator: Andre Yelistratov >Release: 4.2-STABLE >Organization: >Environment: $uname -a FreeBSD satan.express.ru 4.2-STABLE FreeBSD 4.2-STABLE #0: Fri Nov 24 22:20:30 MSK 2000 root@satan.express.ru:/usr/obj/usr/src/sys/SATAN i386 >Description: man 3 crypt: Modular crypt: If the salt begins with the string $digit$ then the Modular Crypt Format is used. The digit represents which algorithm is used in encryption. Following the token is the actual salt to use in the encryption. The length of the salt is limited to 16 characters--because the length of the ^^^^^^^^^^^^^^^^^^^^^ returned output is also limited (_PASSWORD_LEN). The salt must be termi- nated with the end of the string (NULL) or a dollar sign. Any characters after the dollar sign are ignored. Currently supported algorithms are: 1 MD5 =========================================================== In reality length of salt is limited to 8 characters. >How-To-Repeat: $cat crp.c #include #include main () { char passwd[]="testpasswd"; char salt[]="$1$1234567890$"; char *hash; hash = crypt(passwd, salt); printf("%s\n", hash); } $cc -o crp crp.c -lcrypt $./crp $1$12345678$VYreJG4qkG1D4.4X8s6o41 >Fix: --- crypt.h.orig Fri Dec 1 12:29:40 2000 +++ crypt.h Fri Dec 1 12:29:55 2000 @@ -29,6 +29,7 @@ /* magic sizes */ #define MD5_SIZE 16 +#define MD5_SALT_SIZE 16 char *crypt_des(const char *pw, const char *salt); char *crypt_md5(const char *pw, const char *salt); --- crypt-md5.c.orig Fri Dec 1 12:23:28 2000 +++ crypt-md5.c Fri Dec 1 12:30:26 2000 @@ -66,8 +66,8 @@ if(!strncmp(sp,magic,strlen(magic))) sp += strlen(magic); - /* It stops at the first '$', max 8 chars */ - for(ep=sp;*ep && *ep != '$' && ep < (sp+8);ep++) + /* It stops at the first '$', max MD5_SALT_SIZE chars */ + for(ep=sp;*ep && *ep != '$' && ep < (sp+MD5_SALT_SIZE);ep++) continue; /* get the length of the true salt */ >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message