From 0730b936d7a8f55389873d72cb0996ab941f15d7 Mon Sep 17 00:00:00 2001
From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Wed, 24 Feb 2021 02:46:38 +1300
Subject: s4:dsdb/password_hash: Add additional check for crypt() and crypt_r()
 failure

While crypt_rn() always returns a null pointer in the event of
failure, crypt() and crypt_r() may instead return a string starting
with the character '*'. This commit adds a check to detect failure in
this case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14621

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 source4/dsdb/samdb/ldb_modules/password_hash.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'source4')

diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index e173875f8d9..e48a8c9257b 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -1540,6 +1540,7 @@ static int setup_primary_userPassword_hash(
 	 * RHEL 7 behaviour.
 	 */
 	errno = 0;
+
 #ifdef HAVE_CRYPT_RN
 	hash = crypt_rn((char *)io->n.cleartext_utf8->data,
 			cmd,
@@ -1554,7 +1555,11 @@ static int setup_primary_userPassword_hash(
 	 */
 	hash = crypt((char *)io->n.cleartext_utf8->data, cmd);
 #endif
-	if (hash == NULL) {
+	/*
+	* On error, crypt() and crypt_r() may return a null pointer,
+	* or a pointer to an invalid hash beginning with a '*'.
+	*/
+	if (hash == NULL || hash[0] == '*') {
 		char buf[1024];
 		int err = strerror_r(errno, buf, sizeof(buf));
 		if (err != 0) {
-- 
cgit v1.2.1