[KDM] Potential NULL pointer deref. w/. glibc 2.17+
mancha1 at hush.com
Sun Jun 23 15:49:42 BST 2013

Starting with glibc 2.17 (eglibc 2.17), crypt() fails with
EINVAL (w/ NULL return) if the salt violates specifications.
Additionally, on FIPS-140 enabled Linux systems, DES or MD5
encrypted passwords passed to crypt() fail with EPERM (w/

If using glibc's crypt() or shadow's pw_encrypt(), check
return value to avoid a possible NULL pointer dereference.

Patch that addresses this issue is submitted for code
review (applies cleanly to HEAD at e6dee42e54).
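The return-value check the message asks for, as an added example that is not the submitted KDM patch or any code from the original post. `toy_crypt`, `check_password` and the sample strings are hypothetical and constructed; `toy_crypt` is not a hash, it only reproduces the glibc 2.17+ contract (NULL with `errno` set) so the check runs without libcrypt.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Same signature as crypt(3), so the real function can be passed in. */
typedef char *(*crypt_fn)(const char *key, const char *salt);

enum { PW_MATCH = 0, PW_MISMATCH = 1, PW_CRYPT_FAILED = 2 };

/* Constructed stand-in for crypt(): NOT a hash. It only mimics the
 * glibc 2.17+ contract: NULL with errno = EINVAL on an invalid salt. */
static char *toy_crypt(const char *key, const char *salt)
{
    static const char ok[] =
        "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
    static char out[64];

    if (!salt[0] || !salt[1] || !strchr(ok, salt[0]) || !strchr(ok, salt[1])) {
        errno = EINVAL;
        return NULL;
    }
    snprintf(out, sizeof out, "%.2s%s", salt, key);
    return out;
}

/* Unsafe pattern: strcmp(fn(typed, stored), stored) dereferences NULL
 * when crypt() fails. Checked form: */
static int check_password(crypt_fn fn, const char *typed, const char *stored)
{
    char *hashed;

    errno = 0;
    hashed = fn(typed, stored);
    if (hashed == NULL) {
        /* EINVAL: bad salt; EPERM: DES/MD5 refused in FIPS mode. */
        fprintf(stderr, "crypt failed: %s\n", strerror(errno));
        return PW_CRYPT_FAILED;   /* treat as authentication failure */
    }
    return strcmp(hashed, stored) == 0 ? PW_MATCH : PW_MISMATCH;
}

int main(void)
{
    printf("%d\n", check_password(toy_crypt, "hunter2", "abhunter2")); /* constructed */
    printf("%d\n", check_password(toy_crypt, "hunter2", "!"));         /* invalid salt */
    return 0;
}
```

With the real `crypt` passed as `fn` (linked with `-lcrypt`), the same NULL branch covers both the EINVAL and EPERM cases described in the message.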