git: Fix for password truncation when using crypt(3) with DES

Aggelos Economopoulos aggelos at crater.dragonflybsd.org
Wed May 30 07:04:20 PDT 2012


commit 258ad0e4ed39d0c826df841276397d7d1c2365a3
Author: Aggelos Economopoulos <aoiko at cc.ece.ntua.gr>
Date:   Wed May 30 16:03:21 2012 +0200

    Fix for password truncation when using crypt(3) with DES
    
    Passwords containing a 0x80 byte (UTF-8 encoded ones, ASCII and
    ISO-8859-* not affected) would get truncated as if a '\0' byte
    had been encountered. This could result in some very weak passwords.
    
    Reported-by: Rubin Xu, Joseph Bonneau, Donting Yu (CVE-2012-2143)

Summary of changes:
 secure/lib/libcrypt/crypt-des.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/258ad0e4ed39d0c826df841276397d7d1c2365a3


-- 
DragonFly BSD source repository





More information about the Commits mailing list