[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <1458907955-8698-1-git-send-email-timo.teras@iki.fi>
Date: Fri, 25 Mar 2016 14:12:35 +0200
From: Timo Teräs <timo.teras@....fi>
To: musl@...ts.openwall.com
Cc: Timo Teräs <timo.teras@....fi>
Subject: [PATCH] crypt_blowfish: allow short salt strings
assume the remainder of the salt to be zero bits.
---
src/crypt/crypt_blowfish.c | 2 ++
1 file changed, 2 insertions(+)
Any comments if this makes sense?
There seems to be some test suites that even verify that short
salt strings should succeed.
See: http://bugs.alpinelinux.org/issues/5141
diff --git a/src/crypt/crypt_blowfish.c b/src/crypt/crypt_blowfish.c
index d3f7985..d1f5588 100644
--- a/src/crypt/crypt_blowfish.c
+++ b/src/crypt/crypt_blowfish.c
@@ -365,6 +365,7 @@ static const unsigned char BF_atoi64[0x60] = {
#define BF_safe_atoi64(dst, src) \
{ \
tmp = (unsigned char)(src); \
+ if (tmp == 0 || tmp == '$') break; \
if ((unsigned int)(tmp -= 0x20) >= 0x60) return -1; \
tmp = BF_atoi64[tmp]; \
if (tmp > 63) return -1; \
@@ -624,6 +625,7 @@ static char *BF_crypt(const char *key, const char *setting,
return NULL;
}
+ memset(data.binary.salt, 0, sizeof data.binary.salt);
count = (BF_word)1 << ((setting[4] - '0') * 10 + (setting[5] - '0'));
if (count < min || BF_decode(data.binary.salt, &setting[7], 16)) {
return NULL;
--
2.7.4
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
