http://bugzilla.novell.com/show_bug.cgi?id=529495
Summary: glibc: SHA crypt broken in SUSE
Classification: openSUSE
Product: openSUSE 11.1
Version: Final
Platform: x86
OS/Version: Linux
Status: NEW
Severity: Major
Priority: P5 - None
Component: Basesystem
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: jengelh@medozas.de
QAContact: qa@suse.de
Found By: Beta-Customer
Glibc 2.7 and up ship SHA crypt, but SUSE's poking in glibc rendered it
inaccessible. Please restore, it is a major loss of function.
Test case:
#define _GNU_SOURCE 1
#include
#include
#include
int main(void)
{
struct crypt_data cd = {};
char *p;
p = crypt_r("keydklasjlasdasdas", "$5$ABCDEFGHIJKLMNOP", &cd);
printf("%s\n", p);
return 0;
}
Stepping through this with gdb shows where it breaks:
Breakpoint 1, main () at pt.c:8
8 struct crypt_data cd = {};
(gdb) n
10 p = crypt_r("keydklasjlasdasdas", "$5$ABCDEFGHIJKLMNOP", &cd);
(gdb) s
__crypt_r (key=0x8048634 "keydklasjlasdasdas",
setting=0x8048620 "$5$ABCDEFGHIJKLMNOP", data=0xbffdf144) at wrapper.c:154
154 return _crypt_retval_magic(
(gdb) bt
#0 __crypt_r (key=0x8048634 "keydklasjlasdasdas",
setting=0x8048620 "$5$ABCDEFGHIJKLMNOP", data=0xbffdf144) at wrapper.c:154
#1 0x08048535 in main () at pt.c:10
Since wrapper.c is not in the original, unmodified Glibc sources, this must be
caused by a SUSE patch, and my guess is that it is the one that adds Blowfish.
Fact is, glibc's __crypt_r is not called anymore, instead, the limited Blowfish
code does its own faulty handling of $x$ codes. Line 119 is totally incorrect,
in my humble opinion. It should not return EINVAL, it should call glibc's
crypt.
#0 __crypt_rn (key=0x8048634 "keydklasjlasdasdas",
setting=0x8048620 "$5$ABCDEFGHIJKLMNOP", data=0xbffdf144, size=131228)
at wrapper.c:115
112 char *__crypt_rn(__const char *key, __const char *setting,
113 void *data, int size)
114 {
115 if (setting[0] == '$' && setting[1] == '2')
116 return _crypt_blowfish_rn(key, setting, (char *)data,
size);
117 if (setting[0] == '$' && setting[1] == '1')
118 return __md5_crypt_r(key, setting, (char *)data, size);
119 if (setting[0] == '$' || setting[0] == '_') {
Better yet, glibc's crypt (in crypt-entry.c) should invoke Blowfish, not
Blowfish invoking glibc.
--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.