From: "Carlo Marcelo Arenas Belón" <carenas@gmail.com>
To: git@vger.kernel.org
Cc: sam@vilain.net, avarab@gmail.com,
"Carlo Marcelo Arenas Belón" <carenas@gmail.com>
Subject: [PATCH 2/3] git-cvsserver: protect against NULL in crypt(3)
Date: Wed, 15 Sep 2021 01:09:47 -0700 [thread overview]
Message-ID: <20210915080948.11891-3-carenas@gmail.com> (raw)
In-Reply-To: <20210915080948.11891-1-carenas@gmail.com>
Some versions of crypt(3) will return NULL when passed an unsupported
hash type (ex: OpenBSD with DES), so check for undef instead of using
it directly.
Also use this to probe the system and select a better hash function in
the tests, so it can pass successfully.
Signed-off-by: Carlo Marcelo Arenas Belón <carenas@gmail.com>
---
git-cvsserver.perl | 7 ++++---
t/t9400-git-cvsserver-server.sh | 7 ++++++-
2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/git-cvsserver.perl b/git-cvsserver.perl
index 4c93b5d099..8e7c34a235 100755
--- a/git-cvsserver.perl
+++ b/git-cvsserver.perl
@@ -222,10 +222,11 @@
open my $passwd, "<", $authdb or die $!;
while (<$passwd>) {
if (m{^\Q$user\E:(.*)}) {
- if (crypt(descramble($password), $1) eq $1) {
- $auth_ok = 1;
+ my $hash = crypt(descramble($password), $1);
+ if (defined $hash) {
+ $auth_ok = 1 if $hash eq $1;
}
- };
+ }
}
close $passwd;
diff --git a/t/t9400-git-cvsserver-server.sh b/t/t9400-git-cvsserver-server.sh
index 59b40359c7..17f988edd2 100755
--- a/t/t9400-git-cvsserver-server.sh
+++ b/t/t9400-git-cvsserver-server.sh
@@ -36,7 +36,12 @@ CVSWORK="$PWD/cvswork"
CVS_SERVER=git-cvsserver
export CVSROOT CVS_SERVER
-PWDHASH='lac2ItudM3.KM'
+if perl -e 'exit(1) if not defined crypt("", "cv")'
+then
+ PWDHASH='lac2ItudM3.KM'
+else
+ PWDHASH='$2b$10$t8fGvE/a9eLmfOLzsZme2uOa2QtoMYwIxq9wZA6aBKtF1Yb7FJIzi'
+fi
rm -rf "$CVSWORK" "$SERVERDIR"
test_expect_success 'setup' '
--
2.33.0.481.g26d3bed244
next prev parent reply other threads:[~2021-09-15 8:11 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-15 8:09 [PATCH 0/3] cvsserver: correctly validate pserver passwords Carlo Marcelo Arenas Belón
2021-09-15 8:09 ` [PATCH 1/3] git-cvsserver: use crypt correctly to compare password hashes Carlo Marcelo Arenas Belón
2021-09-15 8:09 ` Carlo Marcelo Arenas Belón [this message]
2021-09-16 22:11 ` [PATCH 2/3] git-cvsserver: protect against NULL in crypt(3) Junio C Hamano
2021-09-16 22:44 ` Carlo Arenas
2021-09-17 3:43 ` Junio C Hamano
2021-09-15 8:09 ` [PATCH 3/3] Documentation: cleanup git-cvsserver Carlo Marcelo Arenas Belón
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210915080948.11891-3-carenas@gmail.com \
--to=carenas@gmail.com \
--cc=avarab@gmail.com \
--cc=git@vger.kernel.org \
--cc=sam@vilain.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).