DragonFly BSD
DragonFly commits List (threaded) for 2012-05
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

git: DragonFly_RELEASE_3_0 Fix for password truncation when using crypt(3) with DES

From: Sascha Wildner <swildner@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 31 May 2012 09:31:40 -0700 (PDT) 
commit 4aea093ab000a69c4b50678bf207d046dfdb8428
Author: Aggelos Economopoulos <aoiko@cc.ece.ntua.gr>
Date:   Wed May 30 16:03:21 2012 +0200

    Fix for password truncation when using crypt(3) with DES
    
    Passwords containing a 0x80 byte (UTF-8 encoded ones, ASCII and
    ISO-8859-* not affected) would get truncated as if a '\0' byte
    had been encountered. This could result in some very weak passwords.
    
    Reported-by: Rubin Xu, Joseph Bonneau, Donting Yu (CVE-2012-2143)

Summary of changes:
 secure/lib/libcrypt/crypt-des.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/4aea093ab000a69c4b50678bf207d046dfdb8428


-- 
DragonFly BSD source repository

[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]