oss-sec mailing list archives

Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca()

From: Henri Salo <henri () nerv fi>
Date: Thu, 17 Nov 2011 12:29:17 +0200

On Thu, Nov 17, 2011 at 06:22:17AM +0400, Solar Designer wrote:

On Tue, Nov 15, 2011 at 06:13:24AM +0400, Solar Designer wrote:

Alternatively, crypt(3) and crypt_r(3) (and the reference code for
SHA-crypt?) could refuse to work on overly long key or/and salt strings,
but then the question is what they should do on error.


Here's another related option:

      if (strlen(key) > 100000 || strlen(salt) > 100000)
              abort();

(or something like this).  Ridiculous?  Sure, but it's better than
overwriting another thread's stack or the heap with somewhat higher
lengths, and 100001 chars is not a more reasonable password length to
support than, say, 2 million or 10 million (typical thread stack sizes).

So if we can't decide on a proper fix (does anyone besides me even
care?), something as trivial as the above would be an improvement.

Alexander


I care, but I don't have much to contribute. Seems valid discussion for this list in my opinion.

Best regards,
Henri Salo

Current thread:

glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Solar Designer (Nov 14)
- Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Solar Designer (Nov 14)
- Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Solar Designer (Nov 16)
  - Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Steve Grubb (Nov 16)
  - Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Henri Salo (Nov 17)