diff options
author | Joseph Sutton <josephsutton@catalyst.net.nz> | 2021-02-24 02:46:38 +1300 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2021-04-07 09:18:30 +0000 |
commit | 0730b936d7a8f55389873d72cb0996ab941f15d7 (patch) | |
tree | ba00abb449c8171c94ac03f7154646b6c484bfdd /source4 | |
parent | 609ca657652862fd9c81fd11f818efb74f72ff55 (diff) | |
download | samba-0730b936d7a8f55389873d72cb0996ab941f15d7.tar.gz |
s4:dsdb/password_hash: Add additional check for crypt() and crypt_r() failure
While crypt_rn() always returns a null pointer in the event of
failure, crypt() and crypt_r() may instead return a string starting
with the character '*'. This commit adds a check to detect failure in
this case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14621
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/password_hash.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index e173875f8d9..e48a8c9257b 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -1540,6 +1540,7 @@ static int setup_primary_userPassword_hash( * RHEL 7 behaviour. */ errno = 0; + #ifdef HAVE_CRYPT_RN hash = crypt_rn((char *)io->n.cleartext_utf8->data, cmd, @@ -1554,7 +1555,11 @@ static int setup_primary_userPassword_hash( */ hash = crypt((char *)io->n.cleartext_utf8->data, cmd); #endif - if (hash == NULL) { + /* + * On error, crypt() and crypt_r() may return a null pointer, + * or a pointer to an invalid hash beginning with a '*'. + */ + if (hash == NULL || hash[0] == '*') { char buf[1024]; int err = strerror_r(errno, buf, sizeof(buf)); if (err != 0) { |