Hello. Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL (w/ NULL return) if the salt violates specifications. Additionally, on FIPS-140 enabled Linux systems, DES or MD5 encrypted passwords passed to crypt() fail with EPERM (w/ NULL return).
If using glibc's crypt() or shadow's pw_encrypt(), check the return value to avoid a possible NULL pointer dereference. A patch that addresses this issue is submitted for code review (applies cleanly to HEAD@e6dee42e54).
--mancha
0001-Handle-NULL-returns-from-glibc-2.17-crypt.patch
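The return-value check described in the message above, as an added example that is not part of the original post or the attached patch. `check_password`, `stub_crypt` and `fips_mode` are hypothetical names; the stub is a constructed stand-in that only imitates the EINVAL and EPERM failures, and in real code `crypt` or `pw_encrypt` would be passed in its place.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Signature shared by crypt(3) and shadow's pw_encrypt(). */
typedef char *(*hash_fn)(const char *clear, const char *salt);

enum pw_result { PW_MATCH, PW_MISMATCH, PW_BAD_SALT, PW_NOT_PERMITTED, PW_ERROR };

/* Hypothetical helper: verify a password without ever dereferencing a NULL
 * returned by the hashing function. The stored hash doubles as the salt. */
enum pw_result check_password(hash_fn hash, const char *clear, const char *stored)
{
    errno = 0;
    char *computed = hash(clear, stored);
    if (computed == NULL) {
        if (errno == EINVAL) return PW_BAD_SALT;       /* salt violates the spec */
        if (errno == EPERM)  return PW_NOT_PERMITTED;  /* DES/MD5 under FIPS-140 */
        return PW_ERROR;
    }
    return strcmp(computed, stored) == 0 ? PW_MATCH : PW_MISMATCH;
}

/* Constructed stand-in for crypt(): it models only the two failures described
 * above and does no real hashing, so the example runs without libcrypt. */
static int fips_mode = 0;   /* simulated FIPS-140 switch (assumption) */

char *stub_crypt(const char *clear, const char *salt)
{
    static char out[128];
    static const char b64[] =
        "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
    int md5 = strncmp(salt, "$1$", 3) == 0, sha = strncmp(salt, "$6$", 3) == 0;
    if (!md5 && !sha && strspn(salt, b64) < 2) { errno = EINVAL; return NULL; }
    if (!sha && fips_mode) { errno = EPERM; return NULL; }
    snprintf(out, sizeof out, "%.*s%s", (md5 || sha) ? 3 : 2, salt, clear);
    return out;
}

int main(void)
{
    /* "!" is a constructed sample of a locked-account field, not a valid salt. */
    printf("locked entry: %d\n", check_password(stub_crypt, "secret", "!"));
    fips_mode = 1;
    printf("MD5 in FIPS:  %d\n", check_password(stub_crypt, "secret", "$1$secret"));
    printf("SHA in FIPS:  %d\n", check_password(stub_crypt, "secret", "$6$secret"));
    return 0;
}
```

A caller that instead writes `strcmp(crypt(clear, stored), stored)` crashes on the first two cases, because `strcmp` receives NULL.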