Hi,

As with much other software, busybox was also broken by the glibc >= 2.17 behavior change. Now crypt() returns NULL if either salt or password is invalid.

This causes busybox 1.21, 1.22, and git su to segfault when you just press enter at the password prompt (configured to use system crypt() of course).

Program terminated with signal 11, Segmentation fault.
#0  0xb760cb84 in strcmp () from /lib/libc.so.6
(gdb) bt full
#0  0xb760cb84 in strcmp () from /lib/libc.so.6
No symbol table info available.
#1  0x080493d3 in ask_and_check_password_extended ()
No symbol table info available.

The attached patch fixes su. You may want to check every other call to crypt() in busybox.

- Lauri

--
http://www.fastmail.fm - A fast, anti-spam email service.

From 586f648074e6f979b79a88e1722188b8e6562bd0 Mon Sep 17 00:00:00 2001 From: Lauri Kasanen <[email protected]> Date: Mon, 3 Feb 2014 18:47:25 +0200 Subject: [PATCH] correct_password: Handle NULL from crypt glibc >= 2.17 may return NULL from crypt if the password or salt is invalid. Signed-off-by: Lauri Kasanen <[email protected]> --- libbb/correct_password.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libbb/correct_password.c b/libbb/correct_password.c index acadf39..e0dc66b 100644 --- a/libbb/correct_password.c +++ b/libbb/correct_password.c @@ -74,6 +74,10 @@ int FAST_FUNC ask_and_check_password_extended(const struct passwd *pw, return -1; } encrypted = pw_encrypt(unencrypted, correct, 1); + if (!encrypted) { + /* The user-supplied password was invalid, crypt returned NULL. */ + return 0; + } r = (strcmp(encrypted, correct) == 0); free(encrypted); nuke_str(unencrypted); -- 1.8.3.1
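
Review bot: The new early `return 0` in the `if (!encrypted)` branch leaves the function before the `nuke_str(unencrypted);` call that follows the `strcmp`, so on the NULL path the password the user typed is never wiped from memory. Consider treating NULL as a failed comparison and falling through to the existing cleanup, for example `r = (encrypted && strcmp(encrypted, correct) == 0);`, since `free(encrypted)` is safe on NULL. The added comment also blames only the user-supplied password, while the commit message says crypt may return NULL for an invalid password or salt; rewording it would cover a malformed stored hash as well.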
