git: Fix for password truncation when using crypt(3) with DES
Aggelos Economopoulos
aggelos at crater.dragonflybsd.org
Wed May 30 07:04:20 PDT 2012
commit 258ad0e4ed39d0c826df841276397d7d1c2365a3
Author: Aggelos Economopoulos <aoiko at cc.ece.ntua.gr>
Date: Wed May 30 16:03:21 2012 +0200
Fix for password truncation when using crypt(3) with DES
Passwords containing a 0x80 byte (UTF-8 encoded ones, ASCII and
ISO-8859-* not affected) would get truncated as if a '\0' byte
had been encountered. This could result in some very weak passwords.
Reported-by: Rubin Xu, Joseph Bonneau, Donting Yu (CVE-2012-2143)
Summary of changes:
secure/lib/libcrypt/crypt-des.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/258ad0e4ed39d0c826df841276397d7d1c2365a3
--
DragonFly BSD source repository
More information about the Commits
mailing list