Message-ID: <20241230124013.GF10433@brightrain.aerifal.cx>
Date: Mon, 30 Dec 2024 07:40:13 -0500
From: Rich Felker <dalias@...c.org>
To: Markus Wichmann <nullplan@....net>
Cc: musl@...ts.openwall.com, Runxi Yu <runxiyuld@...xiyu.org>
Subject: Re: crypt(3) returns "*" from read-only region, segfaulting
 passwd(1) on Alpine for long passwords

On Mon, Dec 30, 2024 at 07:46:21AM +0100, Markus Wichmann wrote:
> On Sun, Dec 29, 2024 at 04:38:03PM +0800, Runxi Yu wrote:
> > musl/src/crypt/crypt_sha512.c
> > > 	if (!p || q != testbuf || memcmp(testbuf, testhash, sizeof testhash))
> > > 		return "*";
> 
> It doesn't make sense for these lines to be the problem, because they
> are only triggered if the compiler used for musl was broken and created
> a version of sha512crypt that generates wrong hashes. If this path is
> ever taken, then it is better for passwd to crash than to use any part
> of the hash.

Indeed. I think there's a good chance we should revise the decision
not to return an error from the crypt interfaces (opting instead to
return unmatchable hash), but this is not the relevant point in the
code, and regardless, the code that's trying to overwrite the
unknown-size buffer returned by crypt is certainly in the wrong and in
need of fixing, independent of whatever changes we might make.

Rich
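
Caller-side handling that only reads the buffer crypt(3) returns, as an added example that is not part of this message and is not code from musl or passwd. `hash_password` and the two stub functions are hypothetical stand-ins (the hash text is constructed) so the sketch runs without a real crypt(); treating any result that begins with '*' as a failure is an assumption of this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Same signature as crypt(3); passed in so both paths can be exercised offline. */
typedef char *(*crypt_fn)(const char *key, const char *setting);

/* Constructed stand-in for the failure case quoted above: the result is the
 * string literal "*", which lives in storage the caller must not write to. */
static char *stub_crypt_fail(const char *key, const char *setting)
{
    (void)key; (void)setting;
    return "*";
}

/* Constructed stand-in for a successful call; the hash text is a placeholder. */
static char *stub_crypt_ok(const char *key, const char *setting)
{
    static char buf[64];
    (void)key;
    snprintf(buf, sizeof buf, "%sCONSTRUCTEDHASH", setting);
    return buf;
}

/* Hash `key` into caller-owned `out`. Returns 0 on success, -1 on failure.
 * The buffer returned by `fn` is only read, never overwritten or cleared. */
static int hash_password(crypt_fn fn, const char *key, const char *setting,
                         char *out, size_t outlen)
{
    const char *h = fn(key, setting);
    size_t n;
    if (outlen) out[0] = '\0';
    if (!h || h[0] == '*')       /* NULL or unmatchable token: no usable hash */
        return -1;
    n = strlen(h);
    if (n >= outlen)             /* result size is not known in advance */
        return -1;
    memcpy(out, h, n + 1);       /* copy includes the terminator */
    return 0;
}

int main(void)
{
    char out[128];
    int rc = hash_password(stub_crypt_fail, "pw", "$6$salt$", out, sizeof out);
    printf("failure path: rc=%d\n", rc);
    rc = hash_password(stub_crypt_ok, "pw", "$6$salt$", out, sizeof out);
    printf("success path: rc=%d hash=%s\n", rc, out);
    return 0;
}
```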
