Package: libc6
Version: 2.17-6
Severity: important

Hi,

GNU libc6 in sid is breaking GNU CVS; some operations can cause a
segfault. I’ve tracked it down to:

tglase@tglase:~ $ cat x.c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

void tst(const char *, const char *);

void
tst(const char *x, const char *y)
{
	const char *z;
	int e;

	z = crypt(x, y);
	e = errno;
	printf("tst(\"%s\", \"%s\")\n -> %p %s\n -> %s\n", x, y,
	    z, z?z:"(null)", z?"(ok)":strerror(e));
}

int
main(void)
{
	tst("foo", "xy7k69x/M/s7g");
	tst("bar", "xy7k69x/M/s7g");
	tst(" ", "%qb?,db=yu'd,0h0%db:3?,c?=,d dZ,?=I:yZZ30 eZy=a%0 d");
	return (0);
}
tglase@tglase:~ $ gcc -O2 -o x x.c -lcrypt
tglase@tglase:~ $ ./x
tst("foo", "xy7k69x/M/s7g")
 -> 0xf77b7140 xy7k69x/M/s7g
 -> (ok)
tst("bar", "xy7k69x/M/s7g")
 -> 0xf77b7140 xy5FOaP3Hea0k
 -> (ok)
tst(" ", "%qb?,db=yu'd,0h0%db:3?,c?=,d dZ,?=I:yZZ30 eZy=a%0 d")
 -> (nil) (null)
 -> Invalid argument
tglase@tglase:~ $ scp x ${wheezysystem}:
x                                   100% 5707     5.6KB/s   00:00
tglase@tglase:~ $ ssh ${wheezysystem} ./x
tst("foo", "xy7k69x/M/s7g")
 -> 0xb7742140 xy7k69x/M/s7g
 -> (ok)
tst("bar", "xy7k69x/M/s7g")
 -> 0xb7742140 xy5FOaP3Hea0k
 -> (ok)
tst(" ", "%qb?,db=yu'd,0h0%db:3?,c?=,d dZ,?=I:yZZ30 eZy=a%0 d")
 -> 0xb7742140 %q7LLO/mNILqg
 -> (ok)

POSIX says crypt(3) only fails with ENOSYS if it’s not supported at
all, but then it’d fail consistently:

    ERRORS
        The crypt() function shall fail if:

        [ENOSYS]
            The functionality is not supported on this implementation.

POSIX then goes on to use crypt() just like GNU CVS does:

    if (strcmp(p->pw_passwd, crypt(oldpasswd, p->pw_passwd)) == 0) {

Other implementations (like BSD) also strongly suggest that, unless a
different algorithm is selected ($1$, $2a$, etc.) DES is used, which
the above example clearly states is supported, and overlong salts are
just cut off / their trail end ignored.

23:51⎜<dalias> in musl, we return "*" on error

If this is an error at all… on wheezy it was none, and BSD agrees:

tg@blau:~ $ uname -a; ./x
MirBSD blau.mirbsd.org 10 Kv#10uB2-20130517 GENERIC#1405 i386
tst("foo", "xy7k69x/M/s7g")
 -> 0x23af3720 xy7k69x/M/s7g
 -> (ok)
tst("bar", "xy7k69x/M/s7g")
 -> 0x23af3720 xy5FOaP3Hea0k
 -> (ok)
tst(" ", "%qb?,db=yu'd,0h0%db:3?,c?=,d dZ,?=I:yZZ30 eZy=a%0 d")
 -> 0x23af3720 %q3ge9F/nF3ec
 -> (ok)

Although the output on wheezy differs (it shouldn’t).

Please fix this to at least never return NULL with something else
than an ENOSYS condition (crypt(3) not implemented at all), because
this *will* break unrelated software.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (100, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.9-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh

Versions of packages libc6 depends on:
ii  libgcc1  1:4.8.1-4

Versions of packages libc6 recommends:
ii  libc6-i686  2.17-6

Versions of packages libc6 suggests:
ii  debconf [debconf-2.0]  1.5.50
ii  glibc-doc              2.17-6
ii  locales-all [locales]  2.17-6

-- debconf information:
* glibc/upgrade: true
  glibc/disable-screensaver:
  glibc/restart-failed:
* glibc/restart-services: postfix openbsd-inetd cups cron
* libraries/restart-without-asking: true
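
Added example (not part of the original report, and not CVS or glibc code): a caller-side guard for the strcmp(p->pw_passwd, crypt(...)) pattern quoted above, which treats a NULL return (glibc 2.17 in this report) or a result starting with "*" (musl, per the IRC line) as a failed check instead of passing it to strcmp. verify_password, ct_streq and the fake_* stand-ins are hypothetical names; the stand-ins replay values from the report's output so the block runs without libcrypt, and rejecting every result that starts with '*' is an assumption of this example.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Same signature as crypt(3); real callers pass crypt itself. */
typedef char *(*crypt_fn)(const char *key, const char *salt);

/* Equality test that does not stop at the first differing byte. */
static int ct_streq(const char *a, const char *b)
{
    size_t n = strlen(a), i;
    unsigned char diff = 0;

    if (n != strlen(b))
        return 0;
    for (i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* 1 = match, 0 = mismatch, -1 = hashing failed (result never compared). */
int verify_password(crypt_fn hash, const char *input, const char *stored)
{
    const char *out;

    if (input == NULL || stored == NULL)
        return -1;
    out = hash(input, stored);
    /* NULL: glibc 2.17 on a bad salt. Leading '*': failure token such as
     * musl's "*"; assumed here never to start a valid hash. */
    if (out == NULL || out[0] == '*')
        return -1;
    return ct_streq(out, stored);
}

/* Constructed stand-ins replaying the behaviours seen in the report. */
char *fake_null(const char *k, const char *s)
{ (void)k; (void)s; errno = EINVAL; return NULL; }
char *fake_star(const char *k, const char *s)
{ (void)k; (void)s; return (char *)"*"; }
char *fake_des(const char *k, const char *s)
{ (void)s; return (char *)(strcmp(k, "foo") == 0 ? "xy7k69x/M/s7g" : "xy5FOaP3Hea0k"); }

int main(void)
{
    const char *pw = "xy7k69x/M/s7g";   /* stored hash from the report */
    return !(verify_password(fake_des, "foo", pw) == 1 &&
             verify_password(fake_des, "bar", pw) == 0 &&
             verify_password(fake_null, " ", "%q") == -1 &&
             verify_password(fake_star, "foo", "*") == -1);
}
```

The last case in main matters for locked entries: a stored field of "*" must not compare equal to a "*" failure token.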