24 lines
914 B
Diff
24 lines
914 B
Diff
From: Jan Engelhardt <jengelh@inai.de>
|
|
References: https://marc.info/?l=openbsd-tech&m=150906184009035&w=2
|
|
|
|
Do what openssl-1.1 is doing to guard against an otherwise
|
|
out-of-bounds access.
|
|
|
|
---
|
|
crypto/des/des_fcrypt.c | 2 ++
|
|
1 file changed, 2 insertions(+)
|
|
|
|
Index: libressl-4.0.0/crypto/des/des_fcrypt.c
|
|
===================================================================
|
|
--- libressl-4.0.0.orig/crypto/des/des_fcrypt.c
|
|
+++ libressl-4.0.0/crypto/des/des_fcrypt.c
|
|
@@ -207,6 +207,8 @@ DES_fcrypt(const char *buf, const char *
|
|
* crypt to "*". This was found when replacing the crypt in
|
|
* our shared libraries. People found that the disabled
|
|
* accounts effectively had no passwd :-(. */
|
|
+ if (salt[0] >= sizeof(con_salt) || salt[1] >= sizeof(con_salt))
|
|
+ return NULL;
|
|
x = ret[0] = ((salt[0] == '\0') ? 'A' : salt[0]);
|
|
Eswap0 = con_salt[x] << 2;
|
|
x = ret[1] = ((salt[1] == '\0') ? 'A' : salt[1]);
|