[KDM] Potential NULL pointer deref. w/. glibc 2.17+

mancha mancha1 at hush.com
Sun Jun 23 15:49:42 BST 2013


Hello.

Starting with glibc 2.17 (eglibc 2.17), crypt() fails with
EINVAL (w/ NULL return) if the salt violates specifications.
Additionally, on FIPS-140 enabled Linux systems, DES or MD5
encrypted passwords passed to crypt() fail with EPERM (w/
NULL return).

If using glibc's crypt() or shadow's pw_encrypt(), check the
return value to avoid a possible NULL pointer dereference.

A patch that addresses this issue has been submitted for code
review (applies cleanly to HEAD at e6dee42e54).

--mancha
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Handle-NULL-returns-from-glibc-2.17-crypt.patch
Type: application/octet-stream
Size: 2949 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20130623/ddd14bab/attachment.obj>
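The return-value check the post asks for, written out as an added example in C; this is not the post's own code and not the attached KDM patch. The names `checked_crypt`, `password_matches`, `crypt_fn` and the `CRYPT_*` statuses are assumptions of this example. crypt(3) is passed in as a function pointer so the file links without `-lcrypt` and so the two NULL paths the post describes (EINVAL for a malformed salt, EPERM for DES/MD5 under FIPS-140) can be exercised offline with a constructed stand-in; `fake_crypt` is that stand-in and is not a real hash function. In production code the same wrapper is called with `crypt` itself, after `#include <crypt.h>` and linking with `-lcrypt`.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example (not code from the post or the KDM patch). The callback
 * type matches crypt(3)'s signature; in real code pass crypt itself, after
 * #include <crypt.h>, and link with -lcrypt. Injecting it keeps this file
 * self-contained and lets the NULL paths be exercised below. */
typedef char *(*crypt_fn)(const char *key, const char *salt);

enum crypt_status { CRYPT_OK, CRYPT_BAD_SALT, CRYPT_FIPS_DENIED, CRYPT_OTHER };

/* Wraps fn(key, salt) and turns a NULL return into a status instead of a
 * pointer the caller would strcmp() against. Mapping follows the post:
 * glibc 2.17+ sets EINVAL for a salt that violates the spec, and FIPS-140
 * systems set EPERM for DES/MD5. On success *out (if non-NULL) receives
 * crypt()'s static buffer, so it is no more thread-safe than crypt(). */
enum crypt_status checked_crypt(const char *key, const char *salt,
                                crypt_fn fn, const char **out)
{
    if (out)
        *out = NULL;
    errno = 0;
    char *hash = fn(key, salt);
    if (hash == NULL) {
        switch (errno) {
        case EINVAL: return CRYPT_BAD_SALT;
        case EPERM:  return CRYPT_FIPS_DENIED;
        default:     return CRYPT_OTHER;
        }
    }
    if (out)
        *out = hash;
    return CRYPT_OK;
}

/* The check a login manager performs: the stored hash doubles as the
 * salt. Returns 1 on match, 0 on mismatch or on any crypt() failure, so a
 * locked-account field such as "*" or "!" (not a valid salt for glibc
 * 2.17+) is rejected instead of dereferencing NULL. */
int password_matches(const char *stored_hash, const char *password, crypt_fn fn)
{
    const char *computed;
    if (checked_crypt(password, stored_hash, fn, &computed) != CRYPT_OK)
        return 0;
    return strcmp(computed, stored_hash) == 0;
}

/* ---- stand-in for crypt(), constructed for this example only ---------
 * It is NOT a password hash; it reproduces just the failure modes from
 * the post so the wrapper can be demonstrated without libcrypt:
 *   salt shorter than 2 chars, or a DES-style salt with a character
 *   outside [a-zA-Z0-9./]                   -> NULL, errno = EINVAL
 *   DES or "$1$" (MD5) salt when fips != 0   -> NULL, errno = EPERM   */
static int in_salt_alphabet(char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '.' || c == '/';
}

static char *fake_crypt_impl(const char *key, const char *salt, int fips)
{
    static char buf[32];
    if (strlen(salt) < 2) {
        errno = EINVAL;
        return NULL;
    }
    if (salt[0] != '$') {                       /* traditional DES salt */
        if (!in_salt_alphabet(salt[0]) || !in_salt_alphabet(salt[1])) {
            errno = EINVAL;
            return NULL;
        }
        if (fips) {
            errno = EPERM;
            return NULL;
        }
    } else if (fips && strncmp(salt, "$1$", 3) == 0) {   /* MD5 under FIPS */
        errno = EPERM;
        return NULL;
    }
    /* Toy "hash": first two salt characters, then a checksum of the key. */
    unsigned sum = 0;
    for (const char *p = key; *p; p++)
        sum = sum * 31u + (unsigned char)*p;
    snprintf(buf, sizeof buf, "%.2s$%08x", salt, sum);
    return buf;
}

static char *fake_crypt(const char *key, const char *salt)      { return fake_crypt_impl(key, salt, 0); }
static char *fake_crypt_fips(const char *key, const char *salt) { return fake_crypt_impl(key, salt, 1); }

int main(void)
{
    const char *h;
    /* Constructed password fields: a DES salt, two locked-account markers,
     * an MD5 prefix and a SHA-512 prefix. */
    const char *fields[] = { "ab", "*", "!", "$1$abcdefgh", "$6$abcdefgh" };
    for (size_t i = 0; i < sizeof fields / sizeof fields[0]; i++) {
        enum crypt_status st = checked_crypt("secret", fields[i], fake_crypt, &h);
        printf("salt %-12s -> status %d%s%s\n", fields[i], st,
               st == CRYPT_OK ? " hash " : "", st == CRYPT_OK ? h : "");
    }
    printf("MD5 under FIPS -> status %d\n",
           checked_crypt("secret", "$1$abcdefgh", fake_crypt_fips, NULL));
    return 0;
}
```

The point of the wrapper is that every caller gets a status it must branch on before the hash pointer is usable, which is the shape of fix the post describes for KDM: a locked account ("*" or "!") or a FIPS-denied algorithm becomes a failed login rather than a crash in strcmp().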
