Bug#714219: libc6: crypt(3) returns NULL with EINVAL instead of falling back to DES, breaking GNU software
Dear all:
You might be interested in a project of mine which humbly began
as helping the Slackware Linux team patch their Shadow tools
suite to properly handle possible NULL returns from glibc 2.17+
crypt().
It since has evolved into a larger project where I have been
working with developers to introduce needed checks to prevent
possible NULL pointer dereference situations in their programs.
My progress is being documented in Slackware's de facto bug &
discussion forum (linuxquestions.org). You can view the thread here:
https://www.linuxquestions.org/questions/slackware-14/%5Bslackware-current%5D-glibc-2-17-shadow-and-other-penumbrae-4175461061/
Additionally, I have placed all patch files along with a signed
digest file in a sourceforge project:
https://sourceforge.net/projects/miscellaneouspa/files/glibc217/
The Debian security team might be interested in this given the
security implications of some of these fixes. Please CC: me in
any such correspondence.
--mancha
PGP Key ID: 0xB5ABF4FFF7048E92
Key fingerprint = 7F1F E9BF 77CF 15AC 8F6B C934 B5AB F4FF F704 8E92
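
The kind of check the message describes, as an added example that is not part of the original message and is not taken from the referenced patches: the unchecked comparison beside a form that handles a NULL return from crypt(). The names `stub_crypt`, `verify_unchecked` and `verify_checked` are hypothetical, and `stub_crypt` is a constructed stand-in that mimics the NULL/EINVAL behaviour named in the bug title so the example runs without libcrypt.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Same signature as crypt(3); injected so this runs without libcrypt. */
typedef char *(*crypt_fn)(const char *key, const char *salt);

static int salt_char_ok(char c)
{
    return c != '\0' && strchr("./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                               "abcdefghijklmnopqrstuvwxyz", c) != NULL;
}

/* Constructed stand-in for glibc 2.17+ crypt(): a salt outside the DES
 * alphabet yields NULL with errno = EINVAL. The "hash" is a toy, not DES. */
char *stub_crypt(const char *key, const char *salt)
{
    static char out[128];
    if (!salt_char_ok(salt[0]) || !salt_char_ok(salt[1])) {
        errno = EINVAL;
        return NULL;
    }
    snprintf(out, sizeof out, "%c%c%s", salt[0], salt[1], key);
    return out;
}

/* Unchecked pattern: strcmp() dereferences NULL when crypt() fails. */
int verify_unchecked(crypt_fn f, const char *pw, const char *stored)
{
    return strcmp(f(pw, stored), stored) == 0;
}

/* Checked pattern: 1 = match, 0 = mismatch, -1 = crypt() failed (errno set).
 * Callers grant access only on 1. */
int verify_checked(crypt_fn f, const char *pw, const char *stored)
{
    char *hash;
    errno = 0;
    hash = f(pw, stored);
    if (hash == NULL)
        return -1;
    return strcmp(hash, stored) == 0;
}

int main(void)
{
    printf("%d\n", verify_checked(stub_crypt, "secret", "absecret"));  /* constructed valid entry */
    printf("%d\n", verify_checked(stub_crypt, "secret", "!absecret")); /* constructed invalid salt */
    return 0;
}
```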