oss-sec mailing list archives

Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca()

From: Solar Designer <solar () openwall com>
Date: Thu, 17 Nov 2011 06:22:17 +0400

On Tue, Nov 15, 2011 at 06:13:24AM +0400, Solar Designer wrote:

Alternatively, crypt(3) and crypt_r(3) (and the reference code for
SHA-crypt?) could refuse to work on overly long key or/and salt strings,
but then the question is what they should do on error.


Here's another related option:

        if (strlen(key) > 100000 || strlen(salt) > 100000)
                abort();

(or something like this).  Ridiculous?  Sure, but it's better than
overwriting another thread's stack or the heap with somewhat higher
lengths, and 100001 chars is not a more reasonable password length to
support than, say, 2 million or 10 million (typical thread stack sizes).

So if we can't decide on a proper fix (does anyone besides me even
care?), something as trivial as the above would be an improvement.

Alexander

Current thread:

glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Solar Designer (Nov 14)
- Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Solar Designer (Nov 14)
- Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Solar Designer (Nov 16)
  - Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Steve Grubb (Nov 16)
  - Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Henri Salo (Nov 17)