From a7f9df50cecec46bb8176382faa685ce35ca72be Mon Sep 17 00:00:00 2001 From: Zack Weinberg Date: Thu, 5 Jul 2018 15:20:05 -0400 Subject: Make salt validation pickier. This started out as a patch to fold together test-crypt-badsalt.c and test-crypt-nonnull.c (which were almost the same program) and extend their testing from DES to all of the supported hashes. That revealed that many of the supported hash functions do not validate the contents of their salt strings very carefully. This patch has a low but nonzero backward compatibility risk, because now we reject certain calls to crypt*() that we would previously have accepted. In particular, setting strings of the form $5$xxxxxxx*xxxxxxxx$ where x stands for any "itoa64" character and * for any non-"itoa64" character, would formerly be accepted but are now rejected. Some of the hash algorithms that were lenient about the contents of the salt would echo back the salt verbatim, and others would convert it to the base64 alphabet somehow. I think it's unlikely that this occurs in real password files but I don't have a lot of data to base that on. --- .gitignore | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to '.gitignore') diff --git a/.gitignore b/.gitignore index 9f443bd..bb7f15c 100644 --- a/.gitignore +++ b/.gitignore @@ -53,13 +53,12 @@ /test-alg-sha1 /test-alg-sha256 /test-alg-sha512 +/test-badsalt /test-bigcrypt /test-byteorder -/test-crypt-badsalt /test-crypt-bcrypt /test-crypt-des /test-crypt-md5 -/test-crypt-nonnull /test-crypt-nthash /test-crypt-pbkdf1-sha1 /test-crypt-sha256 -- cgit v1.2.3
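Review bot: Removing /test-crypt-badsalt and /test-crypt-nonnull from the ignore list in this hunk means binaries left behind by an earlier build in an existing work tree will start showing up as untracked files. Consider a line in the commit message telling developers to delete the two stale binaries by hand, since they are easy to sweep up with a careless "git add". The replacement entry /test-badsalt is sorted correctly between /test-alg-sha512 and /test-bigcrypt. This view is limited to .gitignore, so the salt validation changes themselves cannot be checked here. Given the compatibility risk the message describes (settings of the form $5$xxxxxxx*xxxxxxxx$ were accepted before and are now rejected), please confirm that the behaviour change is also recorded somewhere users will read it, not only in the commit log.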