DragonFly BSD
DragonFly commits List (threaded) for 2012-05
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

git: Fix for password truncation when using crypt(3) with DES

From: Aggelos Economopoulos <aggelos@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 30 May 2012 07:04:20 -0700 (PDT) 
commit 258ad0e4ed39d0c826df841276397d7d1c2365a3
Author: Aggelos Economopoulos <aoiko@cc.ece.ntua.gr>
Date:   Wed May 30 16:03:21 2012 +0200

    Fix for password truncation when using crypt(3) with DES
    
    Passwords containing a 0x80 byte (UTF-8 encoded ones, ASCII and
    ISO-8859-* not affected) would get truncated as if a '\0' byte
    had been encountered. This could result in some very weak passwords.
    
    Reported-by: Rubin Xu, Joseph Bonneau, Donting Yu (CVE-2012-2143)

Summary of changes:
 secure/lib/libcrypt/crypt-des.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/258ad0e4ed39d0c826df841276397d7d1c2365a3


-- 
DragonFly BSD source repository

[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]