openwrt/package
Jo-Philipp Wich 1211832977 busybox: handle crypt() errors in loginutils
The crypt(3) function is allowed to fail with either EINVAL or ENOSYS when
the given salt is either invalid or when the requested algorithm is not
implemented.

In such a case, libbb's pw_encrypt() function will silently convert the
crypt() NULL return value into an empty string which is then processed
without further errors by utilities such as chpasswd or passwd, causing
them to set an empty password when an unsupported cipher is requested.

Patch the relevant users of pw_encrypt() to abort in case an empty hash
is returned by pw_encrypt() in order to mitigate the problem.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-22 12:08:00 +01:00
..
base-files build: Optionally provide file checksums in package metadata 2019-01-22 09:22:25 +01:00
boot uboot-sunxi: Orange Pi Zero Plus: Fix SdCard detection 2019-01-13 17:35:14 +01:00
devel gdb: The signal definitions of musl and gdb collide 2019-01-12 22:38:50 +01:00
firmware ath10k-firmware: update Candela Tech firmware images 2018-12-20 09:23:45 +01:00
kernel mt76: update to the latest version 2019-01-20 19:01:12 +01:00
libs ncurses: build host libraries with -fPIC 2019-01-22 11:29:05 +01:00
network procd: Add wrapper for uci_validate_section() 2019-01-22 09:05:59 +01:00
system procd: Add wrapper for uci_validate_section() 2019-01-22 09:05:59 +01:00
utils busybox: handle crypt() errors in loginutils 2019-01-22 12:08:00 +01:00
Makefile build: add ABI_VERSION to binary package names 2019-01-19 14:32:12 +01:00