From 1211832977b98c491d1198ab66c4f8ffc0886a87 Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Tue, 22 Jan 2019 12:01:09 +0100 Subject: busybox: handle crypt() errors in loginutils The crypt(3) function is allowed to fail with either EINVAL or ENOSYS when the given salt is either invalid or when the requested algorithm is not implemented. In such a case, libbb's pw_encrypt() function will silently convert the crypt() NULL return value into an empty string which is then processed without further errors by utilities such as chpasswd or passwd, causing them to set an empty password when an unsupported cipher is requested. Patch the relevant users of pw_encrypt() to abort in case an empty hash is returned by pw_encrypt() in order to mitigate the problem. Signed-off-by: Jo-Philipp Wich --- package/utils/busybox/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'package/utils/busybox/Makefile') diff --git a/package/utils/busybox/Makefile b/package/utils/busybox/Makefile index 74dbf84d3b..3969bbeb18 100644 --- a/package/utils/busybox/Makefile +++ b/package/utils/busybox/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=busybox PKG_VERSION:=1.30.0 -PKG_RELEASE:=3 +PKG_RELEASE:=4 PKG_FLAGS:=essential PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 -- cgit v1.2.3