Group :: Segurança/Rede
RPM: LibreSSL
Navegação
Main Changelog Spec Patches Sources Download Gear Bugs e FR Repocop
Patch: 0006-SUSE-des-fcrypt.patch
Download
Download
From 606fbc0e81e89cac90b59227dbd33bc49bba50a1 Mon Sep 17 00:00:00 2001
From: "Vladimir D. Seleznev" <vseleznv@altlinux.org>
Date: Sun, 1 Nov 2020 21:36:31 +0300
Subject: [PATCH] SUSE: des fcrypt
From: Jan Engelhardt <jengelh@inai.de>
References: https://marc.info/?l=openbsd-tech&m=150906184009035&w=2
Do what openssl-1.1 is doing to guard against an otherwise
out-of-bounds access.
---
libressl/crypto/des/fcrypt.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libressl/crypto/des/fcrypt.c b/libressl/crypto/des/fcrypt.c
index 537562c..8b6058a 100644
--- a/libressl/crypto/des/fcrypt.c
+++ b/libressl/crypto/des/fcrypt.c
@@ -78,6 +78,8 @@ char *DES_fcrypt(const char *buf, const char *salt, char *ret)
* crypt to "*". This was found when replacing the crypt in
* our shared libraries. People found that the disabled
* accounts effectively had no passwd :-(. */
+ if (salt[0] >= sizeof(con_salt) || salt[1] >= sizeof(con_salt))
+ return NULL;
x=ret[0]=((salt[0] == '\0')?'A':salt[0]);
Eswap0=con_salt[x]<<2;
x=ret[1]=((salt[1] == '\0')?'A':salt[1]);
--
2.33.7