oss-sec mailing list archives

Re: CVE request: crypt_blowfish 8-bit character mishandling

From: Ludwig Nussel <ludwig.nussel () suse de>
Date: Thu, 7 Jul 2011 10:05:07 +0200

Solar Designer wrote:

Here's my current code, with lots of comments - more comments than code,
actually, because the code is very compact:


mkpasswd (package whois) checks whether the crypted password starts
with the originally requested prefix. Since crypt_gensalt now
returns $2y for $2a mkpasswd fails. I'm not claiming mkpasswd's
assumption on the behavior of crypt_gensalt is correct but it's not
documented whether crypt_gensalt may change the prefix.

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)

Current thread:

Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 06)
- Re: CVE request: crypt_blowfish 8-bit character mishandling Ludwig Nussel (Jul 07)
  - Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 07)
    - Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 08)
- Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 07)
- <Possible follow-ups>
- Re: CVE request: crypt_blowfish 8-bit character mishandling Ludwig Nussel (Jul 07)
  - Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 07)
    - Re: CVE request: crypt_blowfish 8-bit character mishandling Ludwig Nussel (Jul 11)
    - Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 11)
    - Re: CVE request: crypt_blowfish 8-bit character mishandling Ludwig Nussel (Jul 12)
    - Re: CVE request: crypt_blowfish 8-bit character mishandling Ludwig Nussel (Jul 13)
    - Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 14)

(Thread continues...)