[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug #39040] Fix potential NULL pointer dereference with glibc 2.17+
From: |
mancha |
Subject: |
[bug #39040] Fix potential NULL pointer dereference with glibc 2.17+ |
Date: |
Wed, 22 May 2013 15:17:22 +0000 |
User-agent: |
Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0 |
URL:
<http://savannah.nongnu.org/bugs/?39040>
Summary: Fix potential NULL pointer dereference with glibc
2.17+
Project: Concurrent Versions System
Submitted by: mancha
Submitted on: Wed 22 May 2013 03:17:21 PM GMT
Category: Bug Fix (patch attached)
Severity: 3 - Normal
Item Group: None
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Release:
Discussion Lock: Any
Fixed Release: None
Fixed Feature Release: None
_______________________________________________________
Details:
Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL (w/ NULL
return) if the salt violates specifications. Additionally, on FIPS-140 enabled
Linux systems, DES/MD5-encrypted passwords passed to crypt() fail with EPERM
(w/ NULL return).
This change can potentially cause a NULL pointer dereference in cvs after
calling crypt() for password verification.
Attached patch, against cvs 1.11.23, fixes.
--mancha
_______________________________________________________
File Attachments:
-------------------------------------------------------
Date: Wed 22 May 2013 03:17:21 PM GMT Name: cvs-1.11.23-crypt.diff Size: 2kB
By: mancha
<http://savannah.nongnu.org/bugs/download.php?file_id=28140>
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?39040>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/
- [bug #39040] Fix potential NULL pointer dereference with glibc 2.17+,
mancha <=