oss-sec mailing list archives
Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca()
From: Henri Salo <henri () nerv fi>
Date: Thu, 17 Nov 2011 12:29:17 +0200
On Thu, Nov 17, 2011 at 06:22:17AM +0400, Solar Designer wrote:
On Tue, Nov 15, 2011 at 06:13:24AM +0400, Solar Designer wrote:Alternatively, crypt(3) and crypt_r(3) (and the reference code for SHA-crypt?) could refuse to work on overly long key or/and salt strings, but then the question is what they should do on error.Here's another related option: if (strlen(key) > 100000 || strlen(salt) > 100000) abort(); (or something like this). Ridiculous? Sure, but it's better than overwriting another thread's stack or the heap with somewhat higher lengths, and 100001 chars is not a more reasonable password length to support than, say, 2 million or 10 million (typical thread stack sizes). So if we can't decide on a proper fix (does anyone besides me even care?), something as trivial as the above would be an improvement. Alexander
I care, but I don't have much to contribute. Seems valid discussion for this list in my opinion. Best regards, Henri Salo
Current thread:
- glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Solar Designer (Nov 14)
- Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Solar Designer (Nov 14)
- Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Solar Designer (Nov 16)
- Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Steve Grubb (Nov 16)
- Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Henri Salo (Nov 17)