Bug 815993

Summary: PATCH: properly deal with crypt() returning NULL
Product: [Fedora] Fedora Reporter: Paul Wouters <pwouters>
Component: opensshAssignee: Petr Lautrbach <plautrba>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: 17CC: mattias.ellert, mgrepl, plautrba, tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-08-21 09:57:36 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
patch hanlding crypt() returning NULL none

Description Paul Wouters 2012-04-25 01:41:25 UTC 
the xcrypt() function can use the crypt() function underneath, which can return NULL. But xcrypt() output is blindly strcmp()'ed.

Attached patch addresses this. Patch also send upstream.

crypt() returning NULL can happen in fips mode when the hash algo is not an approved algorithm such as the default MD5...
Comment 1 Paul Wouters 2012-04-25 01:42:54 UTC 
Created attachment 580036 [details]
patch hanlding crypt() returning NULL
Comment 2 Tomas Mraz 2012-04-25 07:22:56 UTC 
Just note that this code is used only in case UsePAM is set to 'no' which is unsupported configuration. Thus the severity is very low in this case.
Comment 3 Petr Lautrbach 2012-08-06 07:30:32 UTC 
The openbsd-compat/port-uw.c patch part doesn't check a return value of the xcrypt() and moreover port-uw.c is not 
relevant to our platform so I used an upstream revision 1.91 of auth-passwd.c:

--- auth-passwd.c       8 Mar 2009 00:40:28 -0000       1.90
+++ auth-passwd.c       25 Apr 2012 23:51:28 -0000      1.91
@@ -209,6 +209,7 @@
         * Authentication is accepted if the encrypted passwords
         * are identical.
         */
-       return (strcmp(encrypted_password, pw_password) == 0);
+       return encrypted_password != NULL &&
+           strcmp(encrypted_password, pw_password) == 0;
 }
 #endif

Thanks for the report.
Comment 4 Fedora Update System 2012-08-07 07:47:15 UTC 
openssh-5.9p1-26.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/openssh-5.9p1-26.fc17
Comment 5 Fedora Update System 2012-08-09 23:11:10 UTC 
Package openssh-5.9p1-26.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing openssh-5.9p1-26.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-11609/openssh-5.9p1-26.fc17
then log in and leave karma (feedback).
Comment 6 Fedora Update System 2012-08-21 09:57:36 UTC 
openssh-5.9p1-26.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.