subject:"Bug#714219\: libc6\: crypt\(3\) returns NULL with EINVAL instead of falling back to DES, breaking GNU software"

Bug#714219: libc6: crypt(3) returns NULL with EINVAL instead of falling back to DES, breaking GNU software

2013-07-03 Thread mancha

Please see my bug report for CVS documenting this behavior as well 
as my patch: https://savannah.nongnu.org/bugs/?39040

--mancha


-- 
To UNSUBSCRIBE, email to debian-glibc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130703164539.d386d60...@smtp.hushmail.com

Bug#714219: libc6: crypt(3) returns NULL with EINVAL instead of falling back to DES, breaking GNU software

2013-07-03 Thread mancha

Dear all:

You might be interested in a project of mine which humbly began
as helping the Slackware Linux team patch their Shadow tools
suite to properly handle possible NULL returns from glibc 2.17+
crypt().

It since has evolved into a larger project where I have been
working with developers to introduce needed checks to prevent
possible NULL pointer dereference situations in their programs.

My progress is being documented in Slackware's de facto bug 
discussion forum (linuxquestions.org). You can view thread here: 
https://www.linuxquestions.org/questions/slackware-14/%5Bslackware-
current%5D-glibc-2-17-shadow-and-other-penumbrae-4175461061/

Additionally, I have placed all patch files along with a signed
digest file in a sourceforge project:
https://sourceforge.net/projects/miscellaneouspa/files/glibc217/

The Debian security team might be interested in this given the
security implications of some of these fixes. Please CC: me in
any such correspondence.

--mancha

PGP Key ID: 0xB5ABF4FFF7048E92
Key fingerprint = 7F1F E9BF 77CF 15AC 8F6B  C934 B5AB F4FF F704 
8E92


-- 
To UNSUBSCRIBE, email to debian-glibc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20130703191803.ca04f60...@smtp.hushmail.com

Bug#714219: libc6: crypt(3) returns NULL with EINVAL instead of falling back to DES, breaking GNU software

2013-06-26 Thread Thorsten Glaser

Package: libc6
Version: 2.17-6
Severity: important

Hi,

GNU libc6 in sid is breaking GNU CVS; some operations can
cause a segfault. I’ve tracked it down to:

tglase@tglase:~ $ cat x.c
#define _GNU_SOURCE
#include errno.h
#include stdio.h
#include string.h
#include unistd.h

void tst(const char *, const char *);
void tst(const char *x, const char *y) {
const char *z;
int e;

z = crypt(x, y);
e = errno;
printf(tst(\%s\, \%s\)\n - %p %s\n - %s\n,
x, y, z, z?z:(null), z?(ok):strerror(e));
}

int main(void) {
tst(foo, xy7k69x/M/s7g);
tst(bar, xy7k69x/M/s7g);
tst(   , %qb?,db=yu'd,0h0%db:3?,c?=,d dZ,?=I:yZZ30 eZy=a%0 d);
return (0);
}
tglase@tglase:~ $ gcc -O2 -o x x.c -lcrypt
tglase@tglase:~ $ ./x
tst(foo, xy7k69x/M/s7g)
 - 0xf77b7140 xy7k69x/M/s7g
 - (ok)
tst(bar, xy7k69x/M/s7g)
 - 0xf77b7140 xy5FOaP3Hea0k
 - (ok)
tst(   , %qb?,db=yu'd,0h0%db:3?,c?=,d dZ,?=I:yZZ30 eZy=a%0 d)
 - (nil) (null)
 - Invalid argument
tglase@tglase:~ $ scp x ${wheezysystem}:
x  
100% 5707 5.6KB/s   00:00
tglase@tglase:~ $ ssh ${wheezysystem} ./x
tst(foo, xy7k69x/M/s7g)
 - 0xb7742140 xy7k69x/M/s7g
 - (ok)
tst(bar, xy7k69x/M/s7g)
 - 0xb7742140 xy5FOaP3Hea0k
 - (ok)
tst(   , %qb?,db=yu'd,0h0%db:3?,c?=,d dZ,?=I:yZZ30 eZy=a%0 d)
 - 0xb7742140 %q7LLO/mNILqg
 - (ok)

POSIX says crypt(3) only fails with ENOSYS if it’s not supported
at all, but then it’d fail consistently:

ERRORS  
 

 
 The crypt() function shall fail if:
 
   [ENOSYS] 
 
  The functionality is not supported on this implementation.
 

POSIX then goes on to use crypt() just like GNU CVS does:

if (strcmp(p-pw_passwd, crypt(oldpasswd, p-pw_passwd)) == 0) {
 

Other implementations (like BSD) also strongly suggest that,
unless a different algorithm is selected ($1$, $2a$, etc.)
DES is used, which the above example clearly states is supported,
and overlong salts are just cut off / their trail end ignored.

23:51⎜dalias in musl, we return * on error

If this is an error at all… on wheezy it was none, and BSD agrees:

tg@blau:~ $ uname -a; ./x   

MirBSD blau.mirbsd.org 10 Kv#10uB2-20130517 GENERIC#1405 i386
tst(foo, xy7k69x/M/s7g)
 - 0x23af3720 xy7k69x/M/s7g
 - (ok)
tst(bar, xy7k69x/M/s7g)
 - 0x23af3720 xy5FOaP3Hea0k
 - (ok)
tst(   , %qb?,db=yu'd,0h0%db:3?,c?=,d dZ,?=I:yZZ30 eZy=a%0 d)
 - 0x23af3720 %q3ge9F/nF3ec
 - (ok)

Although the output on wheezy differs (it shouldn’t).


Please fix this to at least never return NULL with something
else than an ENOSYS condition (crypt(3) not implemented at all),
because this *will* break unrelated software.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (100, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.9-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh

Versions of packages libc6 depends on:
ii  libgcc1  1:4.8.1-4

Versions of packages libc6 recommends:
ii  libc6-i686  2.17-6

Versions of packages libc6 suggests:
ii  debconf [debconf-2.0]  1.5.50
ii  glibc-doc  2.17-6
ii  locales-all [locales]  2.17-6

-- debconf information:
* glibc/upgrade: true
  glibc/disable-screensaver:
  glibc/restart-failed:
* glibc/restart-services: postfix openbsd-inetd cups cron
* libraries/restart-without-asking: true


-- 
To UNSUBSCRIBE, email to debian-glibc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20130626220647.9086.25208.report...@tglase.lan.tarent.de

Bug#714219: libc6: crypt(3) returns NULL with EINVAL instead of falling back to DES, breaking GNU software

2013-06-26 Thread Carlos O'Donell

From the 2.17 NEWS:

* The `crypt' function now fails if passed salt bytes that violate the
  specification for those values.  On Linux, the `crypt' function will
  consult /proc/sys/crypto/fips_enabled to determine if FIPS mode is
  enabled, and fail on encrypted strings using the MD5 or DES algorithm
  when the mode is enabled.

 tst(   , %qb?,db=yu'd,0h0%db:3?,c?=,d dZ,?=I:yZZ30 eZy=a%0 d);

This string contains invalid salt crypt character.

POSIX says:
~~~
Otherwise, it shall return a null pointer and set errno to indicate the error.
~~~

Therefore returning null and setting errno is entirely appropriate.

All conforming applications should check for NULL.

Conforming implementations may return additional errors to those
listed by POSIX
It is only a problem if you don't return the listed errno for the same error.

 if (strcmp(p-pw_passwd, crypt(oldpasswd, p-pw_passwd)) == 0) {

Examples are non-normative. They are simply informative and may assume things
like always using valid salt characters.

 If this is an error at all… on wheezy it was none, and BSD agrees:

It is not an error. You can't use invalid salt strings.

 Please fix this to at least never return NULL with something
 else than an ENOSYS condition (crypt(3) not implemented at all),
 because this *will* break unrelated software.

That will not get accepted upstream.

Please fix your application to conform with POSIX.

You must check the result and act appropriately when you see a NULL return
including cleaning the input to contain only valid salt characters.

Cheers,
Carlos.


--
To UNSUBSCRIBE, email to debian-glibc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/cae2ss1jpngrj9z2pezx3wewetahpyrzjcxlwmnidcete5qo...@mail.gmail.com

Bug#714219: libc6: crypt(3) returns NULL with EINVAL instead of falling back to DES, breaking GNU software

Bug#714219: libc6: crypt(3) returns NULL with EINVAL instead of falling back to DES, breaking GNU software

Bug#714219: libc6: crypt(3) returns NULL with EINVAL instead of falling back to DES, breaking GNU software

Bug#714219: libc6: crypt(3) returns NULL with EINVAL instead of falling back to DES, breaking GNU software

4 matches

Site Navigation

Mail list logo

Footer information