On Tuesday 04 February 2014 14:44:43 Lauri Kasanen wrote:
> On Tue, Feb 4, 2014, at 10:43, Ralf Friedl wrote:
> > > As with many other software, busybox was also broken by the glibc >=
> > > 2.17 behavior change. Now crypt() returns NULL if either salt or
> > > password is invalid.
> > >
> > > This causes busybox 1.21, 1.22, and git su to segfault, when you just
> > > press enter at the password prompt (configured to use system crypt() of
> > > course).
> > >
> > > The attached patch fixes su. You may want to check every other call to
> > > crypt() in busybox.
> >
> > A simple way to fix this for all users of pw_encrypt is to change
> > pw_encrypt:
> > char* FAST_FUNC pw_encrypt(const char *clear, const char *salt, int
> > cleanup)
> > {
> > char *res = crypt(clear, salt);
> > if (!res)
> > res = ""; // Or whatever value crypt previously returned
> > return xstrdup(res);
> > }
>
> Yes, previously crypt returned an empty string like that. Though that
> will throw a warning about assigning a const char to char, something
> similar would work.
>
> - Lauri
>
>
Hi,
still i think it should be better to emit a error msg when crypt fails
or you will never notice.
Ciao,
Tito
_______________________________________________
busybox mailing list
[email protected]
http://lists.busybox.net/mailman/listinfo/busybox
