bin/121146: Adduser produces defective blowfish cipher
password hashes on FreeBSD 7.0-RC3 amd64 and i386
Jaakko Heinonen
jh at saunalahti.fi
Wed Feb 27 18:10:03 UTC 2008
The following reply was made to PR bin/121146; it has been noted by GNATS.
From: Jaakko Heinonen <jh at saunalahti.fi>
To: bug-followup at FreeBSD.org, erwinpeterarcor.de at FreeBSD.org
Cc:
Subject: Re: bin/121146: Adduser produces defective blowfish cipher
password hashes on FreeBSD 7.0-RC3 amd64 and i386
Date: Wed, 27 Feb 2008 20:01:56 +0200
Increasing the salt size for pw(8) might fix the problem. See the
attached patch.
--
Jaakko
Content-Disposition: attachment; filename="pw-salt-size.diff"
Index: pw_user.c
===================================================================
RCS file: /home/ncvs/src/usr.sbin/pw/pw_user.c,v
retrieving revision 1.61
diff -p -u -r1.61 pw_user.c
--- pw_user.c 30 Mar 2007 12:57:25 -0000 1.61
+++ pw_user.c 27 Feb 2008 17:51:56 -0000
@@ -1029,22 +1029,24 @@ pw_shellpolicy(struct userconf * cnf, st
return shell_path(cnf->shelldir, cnf->shells, sh ? sh : cnf->shell_default);
}
+#define SALTSIZE 32
+
static char const chars[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.";
char *
pw_pwcrypt(char *password)
{
int i;
- char salt[12];
+ char salt[SALTSIZE + 1];
static char buf[256];
/*
* Calculate a salt value
*/
- for (i = 0; i < 8; i++)
+ for (i = 0; i < SALTSIZE; i++)
salt[i] = chars[arc4random() % 63];
- salt[i] = '\0';
+ salt[SALTSIZE] = '\0';
return strcpy(buf, crypt(password, salt));
}
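Review bot: `#define SALTSIZE 32` has no comment saying why 32 was chosen or which crypt(3) formats it is meant to cover, so the next reader cannot tell whether the value is a minimum for Blowfish or just a generous guess. Please document at the define which format needs the longest salt and how many characters that is. In the loop, `chars[arc4random() % 63]` still hard-codes the length of `chars`; writing the modulus as `sizeof(chars) - 1` keeps it in step with the table if the alphabet is ever changed. The unchanged last line, `return strcpy(buf, crypt(password, salt));`, passes the result of crypt() straight to strcpy(), so a NULL return from crypt() would be dereferenced; since this function is being touched anyway, a NULL check there would be worth adding.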