From nobody@FreeBSD.org  Fri Dec  1 02:45:00 2000
Return-Path: <nobody@FreeBSD.org>
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 7395937B404
	for <freebsd-gnats-submit@FreeBSD.org>; Fri,  1 Dec 2000 02:44:59 -0800 (PST)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.1/8.11.1) id eB1Aixj84532;
	Fri, 1 Dec 2000 02:44:59 -0800 (PST)
	(envelope-from nobody)
Message-Id: <200012011044.eB1Aixj84532@freefall.freebsd.org>
Date: Fri, 1 Dec 2000 02:44:59 -0800 (PST)
From: andre@express.ru
Sender: nobody@FreeBSD.org
To: freebsd-gnats-submit@FreeBSD.org
Subject: length of salt in crypt() is not the same as described in man 3 crypt
X-Send-Pr-Version: www-1.0

>Number:         23204
>Category:       bin
>Synopsis:       length of salt in crypt() is not the same as described in man 3 crypt
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Dec 01 02:50:01 PST 2000
>Closed-Date:    Mon Jun 14 23:13:40 GMT 2004
>Last-Modified:  Mon Jun 14 23:13:40 GMT 2004
>Originator:     Andre Yelistratov
>Release:        4.2-STABLE
>Organization:
>Environment:
$uname -a
FreeBSD satan.express.ru 4.2-STABLE FreeBSD 4.2-STABLE #0: Fri Nov 24 22:20:30 MSK 2000     root@satan.express.ru:/usr/obj/usr/src/sys/SATAN  i386

>Description:
man 3 crypt:
Modular crypt:

     If the salt begins with the string $digit$ then the Modular Crypt Format
     is used.  The digit represents which algorithm is used in encryption.
     Following the token is the actual salt to use in the encryption.  The
     length of the salt is limited to 16 characters--because the length of the
                    ^^^^^^^^^^^^^^^^^^^^^
     returned output is also limited (_PASSWORD_LEN).  The salt must be termi-
     nated with the end of the string (NULL) or a dollar sign.  Any characters
     after the dollar sign are ignored.

     Currently supported algorithms are:

           1          MD5
===========================================================
In reality length of salt is limited to 8 characters.

>How-To-Repeat:
$cat crp.c
#include <unistd.h>
#include <stdio.h>

main () {
    char passwd[]="testpasswd";
    char salt[]="$1$1234567890$";
    char *hash;
    
    hash = crypt(passwd, salt);  
    printf("%s\n", hash);
}

$cc -o crp crp.c -lcrypt
$./crp
$1$12345678$VYreJG4qkG1D4.4X8s6o41


>Fix:
--- crypt.h.orig        Fri Dec  1 12:29:40 2000
+++ crypt.h     Fri Dec  1 12:29:55 2000
@@ -29,6 +29,7 @@
 
 /* magic sizes */
 #define MD5_SIZE 16
+#define MD5_SALT_SIZE 16
 
 char *crypt_des(const char *pw, const char *salt);
 char *crypt_md5(const char *pw, const char *salt);

--- crypt-md5.c.orig    Fri Dec  1 12:23:28 2000
+++ crypt-md5.c Fri Dec  1 12:30:26 2000
@@ -66,8 +66,8 @@
        if(!strncmp(sp,magic,strlen(magic)))
                sp += strlen(magic);
 
-       /* It stops at the first '$', max 8 chars */
-       for(ep=sp;*ep && *ep != '$' && ep < (sp+8);ep++)
+       /* It stops at the first '$', max MD5_SALT_SIZE chars */
+       for(ep=sp;*ep && *ep != '$' && ep < (sp+MD5_SALT_SIZE);ep++)
                continue;
 
        /* get the length of the true salt */




>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: le 
State-Changed-When: Mon Jun 14 23:12:25 GMT 2004 
State-Changed-Why:  
This is a documentation bug, not a code bug, and it was fixed with 
PR docs/36782. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=23204 
>Unformatted:
