From: Jose E. Marchesi <jemarch@gnu.org>
Subject: [SECURITY][CWE-369] GNU Recutils 1.9: empty password triggers divide-by-zero (SIGFPE) in recfix / rec-crypt
Date: Thu, 30 Oct 2025 17:17:49 +0100
References: bsc#1255767 CVE-2025-65409 CWE-369

---
 src/rec-crypt.c | 14 ++++++++++++++
 utils/recfix.c  |  3 +++
 2 files changed, 17 insertions(+)

diff --git a/src/rec-crypt.c b/src/rec-crypt.c
index 5c88716..1ae7882 100644
--- a/src/rec-crypt.c
+++ b/src/rec-crypt.c
@@ -102,6 +102,13 @@ rec_encrypt (char   *in,
 
   /* Set the key of the cypher.  */
   password_size = strlen (password);
+
+  if (password_size <= 0)
+    {
+      gcry_cipher_close (handler);
+      return false;
+    }
+
   for (i = 0; i < AESV2_KEYSIZE; i++)
     key[i] = password[i % password_size];
 
@@ -177,6 +184,13 @@ rec_decrypt (char   *in,
 
   /* Set the key of the cypher.  */
   password_size = strlen (password);
+
+  if (password_size<=0)
+    {
+      gcry_cipher_close (handler);
+      return false;
+    }
+
   for (i = 0; i < AESV2_KEYSIZE; i++)
     key[i] = password[i % password_size];
 
diff --git a/utils/recfix.c b/utils/recfix.c
index f9afef2..d286047 100644
--- a/utils/recfix.c
+++ b/utils/recfix.c
@@ -190,6 +190,9 @@ recfix_parse_args (int argc,
           if (recfix_password != NULL)
             recutl_fatal (_("please specify just one password.\n"));
 
+          if (optarg == NULL || optarg[0] == '\0')
+            recutl_fatal (_("password must not be empty.\n"));
+
           recfix_password = xstrdup (optarg);
           break;
 #endif /* REC_CRYPT_SUPPORT */
--