From nobody@FreeBSD.org  Fri Apr  5 02:05:23 2002
Return-Path: <nobody@FreeBSD.org>
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 4FAD937B41A
	for <freebsd-gnats-submit@FreeBSD.org>; Fri,  5 Apr 2002 02:05:22 -0800 (PST)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id g35A5Mo33553;
	Fri, 5 Apr 2002 02:05:22 -0800 (PST)
	(envelope-from nobody)
Message-Id: <200204051005.g35A5Mo33553@freefall.freebsd.org>
Date: Fri, 5 Apr 2002 02:05:22 -0800 (PST)
From: Andre Yelistratov <andre@andre.net.ru>
To: freebsd-gnats-submit@FreeBSD.org
Subject: md5 salt documented as being 16 bytes max length. In reailty it is 8 bytes max length.
X-Send-Pr-Version: www-1.0

>Number:         36782
>Category:       docs
>Synopsis:       md5 salt documented as being 16 bytes max length. In reailty it is 8 bytes max length.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    trhodes
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Apr 05 02:10:00 PST 2002
>Closed-Date:    Fri Apr 12 09:58:30 PDT 2002
>Last-Modified:  Fri Apr 12 09:58:30 PDT 2002
>Originator:     Andre Yelistratov
>Release:        4.5-Stable
>Organization:
Servocomp
>Environment:
FreeBSD andre.servocomp.ru 4.5-STABLE FreeBSD 4.5-STABLE #1: Tue Mar 12 14:28:26 MSK 2002     root@andre.servocomp.ru:/usr/obj/usr/src/sys/ANDRE  i386

>Description:
The maximum length of salt in MD5 is hardoded at crypt-md5.c and represents 8 bytes,
contrary to 'man 3 crypt': 'The length of the salt is limited to 16 characters'.
crypt-md5.c:
/* Refine the Salt first */
    sp = salt;
[skip]
    /* It stops at the first '$', max 8 chars */
    for(ep=sp;*ep && *ep != '$' && ep < (sp+8);ep++)
        continue;


>How-To-Repeat:
 call md5 crypt() with any salt longer than 8 chars.
>Fix:
Trivial.
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->patched 
State-Changed-By: trhodes 
State-Changed-When: Tue Apr 9 15:33:11 PDT 2002 
State-Changed-Why:  
I reviewed crypt-md5.c and read the manual page, this has been patched, thanks! 


Responsible-Changed-From-To: freebsd-doc->trhodes 
Responsible-Changed-By: trhodes 
Responsible-Changed-When: Tue Apr 9 15:33:11 PDT 2002 
Responsible-Changed-Why:  
I have reviewed the manual page, and patched crypt(3).  Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=36782 
State-Changed-From-To: patched->closed 
State-Changed-By: trhodes 
State-Changed-When: Fri Apr 12 09:58:01 PDT 2002 
State-Changed-Why:  
Fixed in STABLE, thanks for pointing this out! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=36782 
>Unformatted:
