From 52a38d55097bf0532b0eaa97552e001203808e88 Mon Sep 17 00:00:00 2001
From: mancha <mancha1@hush.com>
Date: Sun, 28 Jul 2013 18:41:11 +0200
Subject: [PATCH] crypt() in glibc/eglibc 2.17 now fails if passed a salt that
 violates specs. On Linux, crypt() also fails with DES/MD5 salts in FIPS140
 mode. Rather than exit() on NULL returns we send them back to the caller for
 appropriate handling.

---
 ChangeLog       | 15 +++++++++++++++
 lib/encrypt.c   |  7 +++----
 lib/pwauth.c    |  7 ++++++-
 libmisc/valid.c |  1 +
 src/chgpasswd.c |  4 ++++
 src/chpasswd.c  |  4 ++++
 src/gpasswd.c   |  4 ++++
 src/newgrp.c    |  3 ++-
 src/newusers.c  | 26 +++++++++++++++++++++-----
 src/passwd.c    |  6 +++++-
 10 files changed, 65 insertions(+), 12 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 1955f3b0..104caa07 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,18 @@
+2013-07-28  mancha <mancha1@hush.com>
+
+        * lib/encrypt.c: crypt() in glibc/eglibc 2.17 now fails if passed
+          a salt that violates specs. On Linux, crypt() also fails with
+          DES/MD5 salts in FIPS140 mode. Rather than exit() on NULL returns
+          we send them back to the caller for appropriate handling.
+        * lib/pwauth.c: Handle NULL return from crypt().
+        * libmisc/valid.c: Likewise.
+        * src/chgpasswd.c: Likewise.
+        * src/chpasswd.c: Likewise.
+        * src/gpasswd.c: Likewise.
+        * src/newgrp.c: Likewise.
+        * src/newusers.c: Likewise.
+        * src/passwd.c: Likewise.
+
 2013-07-28  Christian Perrier  <christian@perrier.eu.org>
 
 	* configure.in: Prepare for next point release 4.2.
diff --git a/lib/encrypt.c b/lib/encrypt.c
index 7daa8da1..7ff8b506 100644
--- a/lib/encrypt.c
+++ b/lib/encrypt.c
@@ -49,11 +49,10 @@
 	if (!cp) {
 		/*
 		 * Single Unix Spec: crypt() may return a null pointer,
-		 * and set errno to indicate an error.  The caller doesn't
-		 * expect us to return NULL, so...
+		 * and set errno to indicate an error. In this case return
+		 * the NULL so the caller can handle appropriately.
 		 */
-		perror ("crypt");
-		exit (EXIT_FAILURE);
+		return cp;
 	}
 
 	/* The GNU crypt does not return NULL if the algorithm is not
diff --git a/lib/pwauth.c b/lib/pwauth.c
index 4b26daa7..086a72e2 100644
--- a/lib/pwauth.c
+++ b/lib/pwauth.c
@@ -73,6 +73,7 @@ int pw_auth (const char *cipher,
 	char prompt[1024];
 	char *clear = NULL;
 	const char *cp;
+	const char *encrypted;
 	int retval;
 
 #ifdef	SKEY
@@ -177,7 +178,11 @@ int pw_auth (const char *cipher,
 	 * the results there as well.
 	 */
 
-	retval = strcmp (pw_encrypt (input, cipher), cipher);
+	encrypted = pw_encrypt (input, cipher);
+	if (encrypted!=NULL)
+		retval = strcmp (encrypted, cipher);
+	else
+		retval = -1;
 
 #ifdef  SKEY
 	/*
diff --git a/libmisc/valid.c b/libmisc/valid.c
index aa0390a5..4b85d67c 100644
--- a/libmisc/valid.c
+++ b/libmisc/valid.c
@@ -95,6 +95,7 @@ bool valid (const char *password, const struct passwd *ent)
 	 */
 
 	if (   (NULL != ent->pw_name)
+	    && (NULL != encrypted)
 	    && (strcmp (encrypted, ent->pw_passwd) == 0)) {
 		return true;
 	} else {
diff --git a/src/chgpasswd.c b/src/chgpasswd.c
index 0f41d0be..6c42a096 100644
--- a/src/chgpasswd.c
+++ b/src/chgpasswd.c
@@ -469,6 +469,10 @@ int main (int argc, char **argv)
 #endif
 			cp = pw_encrypt (newpwd,
 			                 crypt_make_salt (crypt_method, arg));
+			if (cp == NULL) {
+				perror ("crypt");
+				exit (EXIT_FAILURE);
+			}	
 		}
 
 		/*
diff --git a/src/chpasswd.c b/src/chpasswd.c
index 928e2d75..4968b0d2 100644
--- a/src/chpasswd.c
+++ b/src/chpasswd.c
@@ -492,6 +492,10 @@ int main (int argc, char **argv)
 #endif
 			cp = pw_encrypt (newpwd,
 			                 crypt_make_salt(crypt_method, arg));
+			if (cp == NULL) {
+				perror ("crypt");
+				exit (EXIT_FAILURE);
+			}
 		}
 
 		/*
diff --git a/src/gpasswd.c b/src/gpasswd.c
index df8d7148..00436106 100644
--- a/src/gpasswd.c
+++ b/src/gpasswd.c
@@ -939,6 +939,10 @@ static void change_passwd (struct group *gr)
 	}
 
 	cp = pw_encrypt (pass, crypt_make_salt (NULL, NULL));
+	if (cp==NULL) {
+		perror ("crypt");
+		exit (EXIT_FAILURE);
+	}
 	memzero (pass, sizeof pass);
 #ifdef SHADOWGRP
 	if (is_shadowgrp) {
diff --git a/src/newgrp.c b/src/newgrp.c
index 9330c721..6b877618 100644
--- a/src/newgrp.c
+++ b/src/newgrp.c
@@ -184,7 +184,8 @@ static void check_perms (const struct group *grp,
 		cpasswd = pw_encrypt (cp, grp->gr_passwd);
 		strzero (cp);
 
-		if (grp->gr_passwd[0] == '\0' ||
+		if (cpasswd == NULL ||
+		    grp->gr_passwd[0] == '\0' ||
 		    strcmp (cpasswd, grp->gr_passwd) != 0) {
 #ifdef WITH_AUDIT
 			snprintf (audit_buf, sizeof(audit_buf),
diff --git a/src/newusers.c b/src/newusers.c
index 994898e3..5f83a6a5 100644
--- a/src/newusers.c
+++ b/src/newusers.c
@@ -387,6 +387,7 @@ static int add_user (const char *name, uid_t uid, gid_t gid)
 static void update_passwd (struct passwd *pwd, const char *password)
 {
 	void *crypt_arg = NULL;
+	char *cp;
 	if (crypt_method != NULL) {
 #ifdef USE_SHA_CRYPT
 		if (sflg) {
@@ -398,9 +399,13 @@ static void update_passwd (struct passwd *pwd, const char *password)
 	if ((crypt_method != NULL) && (0 == strcmp(crypt_method, "NONE"))) {
 		pwd->pw_passwd = (char *)password;
 	} else {
-		pwd->pw_passwd = pw_encrypt (password,
-		                             crypt_make_salt (crypt_method,
-		                                              crypt_arg));
+		cp=pw_encrypt (password, crypt_make_salt (crypt_method, 
+		                                          crypt_arg));
+		if (cp == NULL) {
+			perror ("crypt");
+			exit (EXIT_FAILURE);
+		}
+		pwd->pw_passwd = cp;
 	}
 }
 #endif				/* !USE_PAM */
@@ -412,6 +417,7 @@ static int add_passwd (struct passwd *pwd, const char *password)
 {
 	const struct spwd *sp;
 	struct spwd spent;
+	char *cp;
 
 #ifndef USE_PAM
 	void *crypt_arg = NULL;
@@ -448,7 +454,12 @@ static int add_passwd (struct passwd *pwd, const char *password)
 		} else {
 			const char *salt = crypt_make_salt (crypt_method,
 			                                    crypt_arg);
-			spent.sp_pwdp = pw_encrypt (password, salt);
+			cp = pw_encrypt (password, salt);
+			if (cp == NULL) {
+				perror ("crypt");
+				exit (EXIT_FAILURE);
+			}
+			spent.sp_pwdp = cp;
 		}
 		spent.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
 		if (0 == spent.sp_lstchg) {
@@ -492,7 +503,12 @@ static int add_passwd (struct passwd *pwd, const char *password)
 		spent.sp_pwdp = (char *)password;
 	} else {
 		const char *salt = crypt_make_salt (crypt_method, crypt_arg);
-		spent.sp_pwdp = pw_encrypt (password, salt);
+		cp = pw_encrypt (password, salt);
+		if (cp == NULL) {
+			perror ("crypt");
+			exit (EXIT_FAILURE);
+		}
+		spent.sp_pwdp = cp;
 	}
 #else
 	/*
diff --git a/src/passwd.c b/src/passwd.c
index ac90aa30..ae266661 100644
--- a/src/passwd.c
+++ b/src/passwd.c
@@ -242,7 +242,7 @@ static int new_password (const struct passwd *pw)
 		}
 
 		cipher = pw_encrypt (clear, crypt_passwd);
-		if (strcmp (cipher, crypt_passwd) != 0) {
+		if ((cipher == NULL) || (strcmp (cipher, crypt_passwd) != 0)) {
 			strzero (clear);
 			strzero (cipher);
 			SYSLOG ((LOG_WARN, "incorrect password for %s",
@@ -349,6 +349,10 @@ static int new_password (const struct passwd *pw)
 	 * Encrypt the password, then wipe the cleartext password.
 	 */
 	cp = pw_encrypt (pass, crypt_make_salt (NULL, NULL));
+	if (cp == NULL) {
+		perror ("crypt");
+		exit (EXIT_FAILURE);
+	}
 	memzero (pass, sizeof pass);
 
 #ifdef HAVE_LIBCRACK_HIST
-- 
2.40.0