From: "Carlo Marcelo Arenas Belón" <carenas@gmail.com>
To: git@vger.kernel.org
Cc: sam@vilain.net, avarab@gmail.com,
"Carlo Marcelo Arenas Belón" <carenas@gmail.com>
Subject: [PATCH 2/3] git-cvsserver: protect against NULL in crypt(3)
Date: Wed, 15 Sep 2021 01:09:47 -0700 [thread overview]
Message-ID: <20210915080948.11891-3-carenas@gmail.com> (raw)
In-Reply-To: <20210915080948.11891-1-carenas@gmail.com>
Some versions of crypt(3) will return NULL when passed an unsupported
hash type (ex: OpenBSD with DES), so check for undef instead of using
it directly.
Also use this to probe the system and select a better hash function in
the tests, so it can pass successfully.
Signed-off-by: Carlo Marcelo Arenas Belón <carenas@gmail.com>
---
git-cvsserver.perl | 7 ++++---
t/t9400-git-cvsserver-server.sh | 7 ++++++-
2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/git-cvsserver.perl b/git-cvsserver.perl
index 4c93b5d099..8e7c34a235 100755
--- a/git-cvsserver.perl
+++ b/git-cvsserver.perl
@@ -222,10 +222,11 @@
open my $passwd, "<", $authdb or die $!;
while (<$passwd>) {
if (m{^\Q$user\E:(.*)}) {
- if (crypt(descramble($password), $1) eq $1) {
- $auth_ok = 1;
+ my $hash = crypt(descramble($password), $1);
+ if (defined $hash) {
+ $auth_ok = 1 if $hash eq $1;
}
- };
+ }
}
close $passwd;
diff --git a/t/t9400-git-cvsserver-server.sh b/t/t9400-git-cvsserver-server.sh
index 59b40359c7..17f988edd2 100755
--- a/t/t9400-git-cvsserver-server.sh
+++ b/t/t9400-git-cvsserver-server.sh
@@ -36,7 +36,12 @@ CVSWORK="$PWD/cvswork"
CVS_SERVER=git-cvsserver
export CVSROOT CVS_SERVER
-PWDHASH='lac2ItudM3.KM'
+if perl -e 'exit(1) if not defined crypt("", "cv")'
+then
+ PWDHASH='lac2ItudM3.KM'
+else
+ PWDHASH='$2b$10$t8fGvE/a9eLmfOLzsZme2uOa2QtoMYwIxq9wZA6aBKtF1Yb7FJIzi'
+fi
rm -rf "$CVSWORK" "$SERVERDIR"
test_expect_success 'setup' '
--
2.33.0.481.g26d3bed244
next prev parent reply other threads:[~2021-09-15 8:11 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-15 8:09 [PATCH 0/3] cvsserver: correctly validate pserver passwords Carlo Marcelo Arenas Belón
2021-09-15 8:09 ` [PATCH 1/3] git-cvsserver: use crypt correctly to compare password hashes Carlo Marcelo Arenas Belón
2021-09-15 8:09 ` Carlo Marcelo Arenas Belón [this message]
2021-09-16 22:11 ` [PATCH 2/3] git-cvsserver: protect against NULL in crypt(3) Junio C Hamano
2021-09-16 22:44 ` Carlo Arenas
2021-09-17 3:43 ` Junio C Hamano
2021-09-15 8:09 ` [PATCH 3/3] Documentation: cleanup git-cvsserver Carlo Marcelo Arenas Belón
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210915080948.11891-3-carenas@gmail.com \
--to=carenas@gmail.com \
--cc=avarab@gmail.com \
--cc=git@vger.kernel.org \
--cc=sam@vilain.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.