rpms / libxcrypt

Clone
Source Code
GIT

Blame SOURCES/libxcrypt-rh1613537.patch

c8 c8-beta c8s c9 c9-beta
  1.   c8s
  2.   SOURCES
  3.   libxcrypt-rh1613537.patch
Blob History Raw
5df0d6 
commit 8596e298f761c32cecff45424f5242cd14269292
5df0d6 
Author: Zack Weinberg <zackw@panix.com>
5df0d6 
Date:   Tue Aug 7 21:35:12 2018 -0400
5df0d6
5df0d6 
    Add configure option --disable-failure-tokens.
5df0d6
5df0d6 
    When this option is given, crypt and crypt_r will return NULL on
5df0d6 
    failure, instead of a special "failure token" string that isn't the
5df0d6 
    hash of any passphrase.  This was the historical behavior of glibc,
5df0d6 
    FreeBSD libc, and several other implementations.
5df0d6
5df0d6 
diff --git a/configure.ac b/configure.ac
5df0d6 
index a22a5926bd82f729..23651f9c5c886107 100644
5df0d6 
--- a/configure.ac
5df0d6 
+++ b/configure.ac
5df0d6 
@@ -152,6 +152,25 @@ AC_CHECK_FUNCS_ONCE([
5df0d6 
 ])
5df0d6
5df0d6 
 # Configure options.
5df0d6 
+AC_ARG_ENABLE([failure-tokens],
5df0d6 
+    AS_HELP_STRING(
5df0d6 
+        [--disable-failure-tokens],
5df0d6 
+        [Make crypt and crypt_r return NULL on failure, instead of a
5df0d6 
+         special "failure token" string that isn't the hash of any
5df0d6 
+         passphrase.  This matches the behavior of several other
5df0d6 
+         crypt implementations, but will break programs that assume these
5df0d6 
+         functions never return NULL.  crypt_rn and crypt_ra are not affected
5df0d6 
+         by this option, and will always return NULL on failure.]
5df0d6 
+    ),
5df0d6 
+    [case "$enableval" in
5df0d6 
+      yes) enable_failure_tokens=1;;
5df0d6 
+       no) enable_failure_tokens=0;;
5df0d6 
+        *) AC_MSG_ERROR([bad value ${enableval} for --enable-failure-tokens]);;
5df0d6 
+     esac],
5df0d6 
+    [enable_failure_tokens=1])
5df0d6 
+AC_DEFINE_UNQUOTED([ENABLE_FAILURE_TOKENS], [$enable_failure_tokens],
5df0d6 
+  [Define to 1 if crypt and crypt_r should return a "failure token" on
5df0d6 
+   failure, or 0 if they should return NULL.])
5df0d6
5df0d6 
 AC_ARG_ENABLE([obsolete-api],
5df0d6 
     AS_HELP_STRING(
5df0d6 
diff --git a/crypt.c b/crypt.c
5df0d6 
index 9a3e19214e613097..839763afad14eaa9 100644
5df0d6 
--- a/crypt.c
5df0d6 
+++ b/crypt.c
5df0d6 
@@ -235,7 +235,11 @@ crypt_r (const char *phrase, const char *setting, struct crypt_data *data)
5df0d6 
 {
5df0d6 
   make_failure_token (setting, data->output, sizeof data->output);
5df0d6 
   do_crypt (phrase, setting, data);
5df0d6 
+#if ENABLE_FAILURE_TOKENS
5df0d6 
   return data->output;
5df0d6 
+#else
5df0d6 
+  return data->output[0] == '*' ? 0 : data->output;
5df0d6 
+#endif
5df0d6 
 }
5df0d6 
 SYMVER_crypt_r;
5df0d6 
 #endif
5df0d6 
diff --git a/crypt_rn.3 b/crypt_rn.3
5df0d6 
index 24da44cfce19716b..d021c4ed4a046e04 100644
5df0d6 
--- a/crypt_rn.3
5df0d6 
+++ b/crypt_rn.3
5df0d6 
@@ -204,17 +204,31 @@ multiple threads simultaneously, as long as a separate
5df0d6 
 object is used for each thread.
5df0d6 
 .PP
5df0d6 
 Upon error,
5df0d6 
-.B crypt
5df0d6 
-and
5df0d6 
-.B crypt_r
5df0d6 
-return a pointer to an
5df0d6 
+.BR crypt_r ", " crypt_rn ", and " crypt_ra
5df0d6 
+write an
5df0d6 
 .I invalid
5df0d6 
-hashed passphrase.
5df0d6 
+hashed passphrase to the
5df0d6 
+.I output
5df0d6 
+field of their
5df0d6 
+.I crypt_data
5df0d6 
+object, and
5df0d6 
+.B crypt
5df0d6 
+writes an invalid hash to its static storage area.
5df0d6 
 This string will be shorter than 13 characters,
5df0d6 
 will begin with a \(oq\fB*\fR\(cq,
5df0d6 
 and will not compare equal to
5df0d6 
 .IR setting .
5df0d6 
-(This peculiar behavior is for compatibility
5df0d6 
+.PP
5df0d6 
+Upon error,
5df0d6 
+.BR crypt_rn " and " crypt_ra
5df0d6 
+return a null pointer.
5df0d6 
+.BR crypt_r " and " crypt
5df0d6 
+may also return a null pointer,
5df0d6 
+or they may return a pointer to the invalid hash,
5df0d6 
+depending on how
5df0d6 
+.I libcrypt
5df0d6 
+was configured.
5df0d6 
+(The option to return the invalid hash is for compatibility
5df0d6 
 with old applications that assume that
5df0d6 
 .B crypt
5df0d6 
 cannot return a null pointer.
5df0d6 
@@ -222,15 +236,6 @@ See
5df0d6 
 .B "PORTABILITY NOTES"
5df0d6 
 below.)
5df0d6 
 .PP
5df0d6 
-.B crypt_rn
5df0d6 
-and
5df0d6 
-.B crypt_ra
5df0d6 
-also write an invalid hashed passphrase to the
5df0d6 
-.I output
5df0d6 
-field of their
5df0d6 
-.I crypt_data
5df0d6 
-object when they fail, but they return a null pointer.
5df0d6 
-.PP
5df0d6 
 All four functions set
5df0d6 
 .I errno
5df0d6 
 when they fail.
5df0d6 
diff --git a/test-badsalt.c b/test-badsalt.c
5df0d6 
index b2743373628b1f3f..3d2e47ac0e7647bd 100644
5df0d6 
--- a/test-badsalt.c
5df0d6 
+++ b/test-badsalt.c
5df0d6 
@@ -222,12 +222,28 @@ check_crypt (const char *label, const char *fn,
5df0d6 
              const char *retval, const char *setting,
5df0d6 
              bool expected_to_succeed)
5df0d6 
 {
5df0d6 
-  /* crypt/crypt_r should never return null */
5df0d6 
+#if ENABLE_FAILURE_TOKENS
5df0d6 
+  /* crypt/crypt_r never return null when failure tokens are enabled */
5df0d6 
   if (!retval)
5df0d6 
     {
5df0d6 
       printf ("FAIL: %s/%s/%s: returned NULL\n", label, setting, fn);
5df0d6 
       return false;
5df0d6 
     }
5df0d6 
+#else
5df0d6 
+  if (expected_to_succeed && !retval)
5df0d6 
+    {
5df0d6 
+      printf ("FAIL: %s/%s/%s: returned NULL\n", label, setting, fn);
5df0d6 
+      return false;
5df0d6 
+    }
5df0d6 
+  else if (!expected_to_succeed && retval)
5df0d6 
+    {
5df0d6 
+      printf ("FAIL: %s/%s/%s: returned %p, should be NULL\n",
5df0d6 
+              label, setting, fn, (const void *)retval);
5df0d6 
+      return false;
5df0d6 
+    }
5df0d6 
+  else if (!expected_to_succeed && !retval)
5df0d6 
+    return true;
5df0d6 
+#endif
5df0d6 
   if (!check_results (label, fn, retval, setting,
5df0d6 
                       expected_to_succeed))
5df0d6 
     return false;
5df0d6 
diff --git a/test-crypt-badargs.c b/test-crypt-badargs.c
5df0d6 
index 0e6af1626a605086..6be24a99ca7f9015 100644
5df0d6 
--- a/test-crypt-badargs.c
5df0d6 
+++ b/test-crypt-badargs.c
5df0d6 
@@ -169,6 +169,14 @@ test_crypt_ra (const char *tag,
5df0d6 
   check (tag, expect, got);
5df0d6 
 }
5df0d6
5df0d6 
+#if ENABLE_FAILURE_TOKENS
5df0d6 
+# define FT0 "*0"
5df0d6 
+# define FT1 "*1"
5df0d6 
+#else
5df0d6 
+# define FT0 0
5df0d6 
+# define FT1 0
5df0d6 
+#endif
5df0d6 
+
5df0d6 
 /* PAGE should point to PAGESIZE bytes of read-write memory followed
5df0d6 
    by another PAGESIZE bytes of inaccessible memory.  */
5df0d6
5df0d6 
@@ -187,55 +195,55 @@ do_tests(char *page, size_t pagesize)
5df0d6 
   size_t i;
5df0d6
5df0d6 
   /* When SETTING is null, it shouldn't matter what PHRASE is.  */
5df0d6 
-  expect_no_fault ("0.0.crypt",    0,  0, "*0", test_crypt);
5df0d6 
-  expect_no_fault ("0.0.crypt_r",  0,  0, "*0", test_crypt_r);
5df0d6 
+  expect_no_fault ("0.0.crypt",    0,  0, FT0, test_crypt);
5df0d6 
+  expect_no_fault ("0.0.crypt_r",  0,  0, FT0, test_crypt_r);
5df0d6 
   expect_no_fault ("0.0.crypt_rn", 0,  0, 0,    test_crypt_rn);
5df0d6 
   expect_no_fault ("0.0.crypt_ra", 0,  0, 0,    test_crypt_ra);
5df0d6
5df0d6 
-  expect_no_fault ("''.0.crypt",    "", 0, "*0", test_crypt);
5df0d6 
-  expect_no_fault ("''.0.crypt_r",  "", 0, "*0", test_crypt_r);
5df0d6 
+  expect_no_fault ("''.0.crypt",    "", 0, FT0, test_crypt);
5df0d6 
+  expect_no_fault ("''.0.crypt_r",  "", 0, FT0, test_crypt_r);
5df0d6 
   expect_no_fault ("''.0.crypt_rn", "", 0, 0,    test_crypt_rn);
5df0d6 
   expect_no_fault ("''.0.crypt_ra", "", 0, 0,    test_crypt_ra);
5df0d6
5df0d6 
-  expect_no_fault ("ph.0.crypt",    phrase, 0, "*0", test_crypt);
5df0d6 
-  expect_no_fault ("ph.0.crypt_r",  phrase, 0, "*0", test_crypt_r);
5df0d6 
+  expect_no_fault ("ph.0.crypt",    phrase, 0, FT0, test_crypt);
5df0d6 
+  expect_no_fault ("ph.0.crypt_r",  phrase, 0, FT0, test_crypt_r);
5df0d6 
   expect_no_fault ("ph.0.crypt_rn", phrase, 0, 0,    test_crypt_rn);
5df0d6 
   expect_no_fault ("ph.0.crypt_ra", phrase, 0, 0,    test_crypt_ra);
5df0d6
5df0d6 
-  expect_no_fault ("p1.0.crypt",    p1, 0, "*0", test_crypt);
5df0d6 
-  expect_no_fault ("p1.0.crypt_r",  p1, 0, "*0", test_crypt_r);
5df0d6 
+  expect_no_fault ("p1.0.crypt",    p1, 0, FT0, test_crypt);
5df0d6 
+  expect_no_fault ("p1.0.crypt_r",  p1, 0, FT0, test_crypt_r);
5df0d6 
   expect_no_fault ("p1.0.crypt_rn", p1, 0, 0,    test_crypt_rn);
5df0d6 
   expect_no_fault ("p1.0.crypt_ra", p1, 0, 0,    test_crypt_ra);
5df0d6
5df0d6 
-  expect_no_fault ("p2.0.crypt",    p2, 0, "*0", test_crypt);
5df0d6 
-  expect_no_fault ("p2.0.crypt_r",  p2, 0, "*0", test_crypt_r);
5df0d6 
+  expect_no_fault ("p2.0.crypt",    p2, 0, FT0, test_crypt);
5df0d6 
+  expect_no_fault ("p2.0.crypt_r",  p2, 0, FT0, test_crypt_r);
5df0d6 
   expect_no_fault ("p2.0.crypt_rn", p2, 0, 0,    test_crypt_rn);
5df0d6 
   expect_no_fault ("p2.0.crypt_ra", p2, 0, 0,    test_crypt_ra);
5df0d6
5df0d6 
   /* Conversely, when PHRASE is null,
5df0d6 
      it shouldn't matter what SETTING is...  */
5df0d6 
-  expect_no_fault ("0.''.crypt",    0, "", "*0", test_crypt);
5df0d6 
-  expect_no_fault ("0.''.crypt_r",  0, "", "*0", test_crypt_r);
5df0d6 
+  expect_no_fault ("0.''.crypt",    0, "", FT0,  test_crypt);
5df0d6 
+  expect_no_fault ("0.''.crypt_r",  0, "", FT0,  test_crypt_r);
5df0d6 
   expect_no_fault ("0.''.crypt_rn", 0, "", 0,    test_crypt_rn);
5df0d6 
   expect_no_fault ("0.''.crypt_ra", 0, "", 0,    test_crypt_ra);
5df0d6
5df0d6 
-  expect_no_fault ("0.'*'.crypt",    0, "*", "*0", test_crypt);
5df0d6 
-  expect_no_fault ("0.'*'.crypt_r",  0, "*", "*0", test_crypt_r);
5df0d6 
+  expect_no_fault ("0.'*'.crypt",    0, "*", FT0,  test_crypt);
5df0d6 
+  expect_no_fault ("0.'*'.crypt_r",  0, "*", FT0,  test_crypt_r);
5df0d6 
   expect_no_fault ("0.'*'.crypt_rn", 0, "*", 0,    test_crypt_rn);
5df0d6 
   expect_no_fault ("0.'*'.crypt_ra", 0, "*", 0,    test_crypt_ra);
5df0d6
5df0d6 
-  expect_no_fault ("0.'*0'.crypt",    0, "*0", "*1", test_crypt);
5df0d6 
-  expect_no_fault ("0.'*0'.crypt_r",  0, "*0", "*1", test_crypt_r);
5df0d6 
+  expect_no_fault ("0.'*0'.crypt",    0, "*0", FT1,  test_crypt);
5df0d6 
+  expect_no_fault ("0.'*0'.crypt_r",  0, "*0", FT1,  test_crypt_r);
5df0d6 
   expect_no_fault ("0.'*0'.crypt_rn", 0, "*0", 0,    test_crypt_rn);
5df0d6 
   expect_no_fault ("0.'*0'.crypt_ra", 0, "*0", 0,    test_crypt_ra);
5df0d6
5df0d6 
-  expect_no_fault ("0.'*1'.crypt",    0, "*1", "*0", test_crypt);
5df0d6 
-  expect_no_fault ("0.'*1'.crypt_r",  0, "*1", "*0", test_crypt_r);
5df0d6 
+  expect_no_fault ("0.'*1'.crypt",    0, "*1", FT0,  test_crypt);
5df0d6 
+  expect_no_fault ("0.'*1'.crypt_r",  0, "*1", FT0,  test_crypt_r);
5df0d6 
   expect_no_fault ("0.'*1'.crypt_rn", 0, "*1", 0,    test_crypt_rn);
5df0d6 
   expect_no_fault ("0.'*1'.crypt_ra", 0, "*1", 0,    test_crypt_ra);
5df0d6
5df0d6 
-  expect_no_fault ("0.p1.crypt",    0, p1, "*0", test_crypt);
5df0d6 
-  expect_no_fault ("0.p1.crypt_r",  0, p1, "*0", test_crypt_r);
5df0d6 
+  expect_no_fault ("0.p1.crypt",    0, p1, FT0,  test_crypt);
5df0d6 
+  expect_no_fault ("0.p1.crypt_r",  0, p1, FT0,  test_crypt_r);
5df0d6 
   expect_no_fault ("0.p1.crypt_rn", 0, p1, 0,    test_crypt_rn);
5df0d6 
   expect_no_fault ("0.p1.crypt_ra", 0, p1, 0,    test_crypt_ra);
5df0d6
5df0d6 
@@ -245,8 +253,8 @@ do_tests(char *page, size_t pagesize)
5df0d6 
      bug, but it's impractical to fix without breaking the property
5df0d6 
      that 'crypt' _never_ creates a failure token that is equal to the
5df0d6 
      setting string, which is more important than this corner case.  */
5df0d6 
-  expect_a_fault ("0.p2.crypt",    0, p2, "*0", test_crypt);
5df0d6 
-  expect_a_fault ("0.p2.crypt_r",  0, p2, "*0", test_crypt_r);
5df0d6 
+  expect_a_fault ("0.p2.crypt",    0, p2, FT0,  test_crypt);
5df0d6 
+  expect_a_fault ("0.p2.crypt_r",  0, p2, FT0,  test_crypt_r);
5df0d6 
   expect_a_fault ("0.p2.crypt_rn", 0, p2, 0,    test_crypt_rn);
5df0d6 
   expect_a_fault ("0.p2.crypt_ra", 0, p2, 0,    test_crypt_ra);
5df0d6
5df0d6 
@@ -257,9 +265,9 @@ do_tests(char *page, size_t pagesize)
5df0d6 
       strcpy (page, "p1.'");
5df0d6 
       strcat (page, settings[i]);
5df0d6 
       strcat (page, "'.crypt");
5df0d6 
-      expect_a_fault (page, p1, settings[i], "*0", test_crypt);
5df0d6 
+      expect_a_fault (page, p1, settings[i], FT0,  test_crypt);
5df0d6 
       strcat (page, "_r");
5df0d6 
-      expect_a_fault (page, p1, settings[i], "*0", test_crypt_r);
5df0d6 
+      expect_a_fault (page, p1, settings[i], FT0,  test_crypt_r);
5df0d6 
       strcat (page, "n");
5df0d6 
       expect_a_fault (page, p1, settings[i], 0,    test_crypt_rn);
5df0d6 
       page [strlen (page) - 1] = 'a';
5df0d6 
@@ -268,9 +276,9 @@ do_tests(char *page, size_t pagesize)
5df0d6 
       strcpy (page, "p2.'");
5df0d6 
       strcat (page, settings[i]);
5df0d6 
       strcat (page, "'.crypt");
5df0d6 
-      expect_a_fault (page, p2, settings[i], "*0", test_crypt);
5df0d6 
+      expect_a_fault (page, p2, settings[i], FT0,  test_crypt);
5df0d6 
       strcat (page, "_r");
5df0d6 
-      expect_a_fault (page, p2, settings[i], "*0", test_crypt_r);
5df0d6 
+      expect_a_fault (page, p2, settings[i], FT0,  test_crypt_r);
5df0d6 
       strcat (page, "n");
5df0d6 
       expect_a_fault (page, p2, settings[i], 0,    test_crypt_rn);
5df0d6 
       page [strlen (page) - 1] = 'a';
5df0d6 
@@ -279,8 +287,8 @@ do_tests(char *page, size_t pagesize)
5df0d6
5df0d6 
   /* Conversely, when PHRASE is valid, passing an invalid string as SETTING
5df0d6 
      should crash reliably.  */
5df0d6 
-  expect_a_fault ("ph.p2.crypt",    phrase, p2, "*0", test_crypt);
5df0d6 
-  expect_a_fault ("ph.p2.crypt_r",  phrase, p2, "*0", test_crypt_r);
5df0d6 
+  expect_a_fault ("ph.p2.crypt",    phrase, p2, FT0,  test_crypt);
5df0d6 
+  expect_a_fault ("ph.p2.crypt_r",  phrase, p2, FT0,  test_crypt_r);
5df0d6 
   expect_a_fault ("ph.p2.crypt_rn", phrase, p2, 0,    test_crypt_rn);
5df0d6 
   expect_a_fault ("ph.p2.crypt_ra", phrase, p2, 0,    test_crypt_ra);
5df0d6
5df0d6 
@@ -292,9 +300,9 @@ do_tests(char *page, size_t pagesize)
5df0d6 
       strcpy (page, "ph.'");
5df0d6 
       strcat (page, settings[i]);
5df0d6 
       strcat (page, ".crypt");
5df0d6 
-      expect_a_fault (page, phrase, p1, "*0", test_crypt);
5df0d6 
+      expect_a_fault (page, phrase, p1, FT0, test_crypt);
5df0d6 
       strcat (page, "_r");
5df0d6 
-      expect_a_fault (page, phrase, p1, "*0", test_crypt_r);
5df0d6 
+      expect_a_fault (page, phrase, p1, FT0, test_crypt_r);
5df0d6 
       strcat (page, "n");
5df0d6 
       expect_a_fault (page, phrase, p1, 0,    test_crypt_rn);
5df0d6 
       page [strlen (page) - 1] = 'a';
5df0d6 
diff --git a/test-crypt-bcrypt.c b/test-crypt-bcrypt.c
5df0d6 
index c984e4d47d8df2c6..bf149b405bd408c7 100644
5df0d6 
--- a/test-crypt-bcrypt.c
5df0d6 
+++ b/test-crypt-bcrypt.c
5df0d6 
@@ -194,8 +194,12 @@ main (void)
5df0d6 
       errno = 0;
5df0d6 
       p = crypt (key, setting);
5df0d6 
       errnm = errno;
5df0d6 
+#if ENABLE_FAILURE_TOKENS
5df0d6 
       match = strcmp (p, hash);
5df0d6 
-      if ((!ok && !errno) || strcmp (p, hash))
5df0d6 
+#else
5df0d6 
+      match = (ok ? strcmp (p, hash) : p != 0);
5df0d6 
+#endif
5df0d6 
+      if ((!ok && !errno) || match)
5df0d6 
         {
5df0d6 
           printf ("FAIL: %d/crypt.1: key=%s setting=%s: xhash=%s xerr=%d, "
5df0d6 
                   "p=%s match=%d err=%s\n",

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation