mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

s4:dsdb/password_hash: Add additional check for crypt() and crypt_r() failure

While crypt_rn() always returns a null pointer in the event of
failure, crypt() and crypt_r() may instead return a string starting
with the character '*'. This commit adds a check to detect failure in
this case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14621

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton 2021-02-24 02:46:38 +13:00 committed by Andrew Bartlett
parent 609ca65765
commit 0730b936d7


@ -1540,6 +1540,7 @@ static int setup_primary_userPassword_hash(
* RHEL 7 behaviour. * RHEL 7 behaviour.
*/ */
errno = 0; errno = 0;
#ifdef HAVE_CRYPT_RN #ifdef HAVE_CRYPT_RN
hash = crypt_rn((char *)io->n.cleartext_utf8->data, hash = crypt_rn((char *)io->n.cleartext_utf8->data,
cmd, cmd,
@ -1554,7 +1555,11 @@ static int setup_primary_userPassword_hash(
*/ */
hash = crypt((char *)io->n.cleartext_utf8->data, cmd); hash = crypt((char *)io->n.cleartext_utf8->data, cmd);
#endif #endif
if (hash == NULL) { /*
* On error, crypt() and crypt_r() may return a null pointer,
* or a pointer to an invalid hash beginning with a '*'.
*/
if (hash == NULL || hash[0] == '*') {
char buf[1024]; char buf[1024];
int err = strerror_r(errno, buf, sizeof(buf)); int err = strerror_r(errno, buf, sizeof(buf));
if (err != 0) { if (err != 0) {
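Review bot: When crypt() or crypt_r() fails by returning a '*' token, errno may still hold the 0 written before the call, so the `strerror_r(errno, buf, sizeof(buf))` inside the new `hash == NULL || hash[0] == '*'` branch can report a "Success"-style reason for a failed hash. Whether every supported libc sets errno on that path is not visible here. I would give the message a fallback, e.g. `int err = strerror_r(errno != 0 ? errno : EINVAL, buf, sizeof(buf));`, or at least extend the new comment with `* errno may be left at 0 in the '*' case.` The comment could also say why the check fails closed: judging by the function name, the result is presumably stored as the userPassword hash, and a failure token must not end up there. setup_primary_userPassword_hash starts and ends outside the hunk, so the rest of the error path is not reviewed here.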