From a12ec8b879337c15acba04fe7f5c8e75f5a91809 Mon Sep 17 00:00:00 2001 From: Björn Esser Date: Fri, 23 Nov 2018 19:57:43 +0100 Subject: pam_unix: Return NULL instead of calling crypt_md5_wrapper(). If the call to the crypt(3) function failed for some reason during hashing a new login passphrase, the wrapper function for computing a hash with the md5crypt method was called internally by the pam_unix module in previous versions of linux-pam. With CVE-2012-3287 in mind, the md5crypt method is not considered to be a safe nor recommended hashing method for a new login passphrase since at least 2012. Thus pam_unix should error out in case of a failure in crypt(3) instead of silently computing a hashed passphrase using a potentially unsafe method. * modules/pam_unix/pam_unix.8.xml: Update documentation. * modules/pam_unix/passverify.c (create_password_hash): Return NULL on error instead of silently invoke crypt_md5_wrapper(). --- modules/pam_unix/passverify.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'modules/pam_unix/passverify.c') diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index e03e75b2..67f9e6f7 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -495,10 +495,9 @@ PAMH_ARG_DECL(char * create_password_hash, sp = crypt(password, salt); #endif if (!sp || strncmp(algoid, sp, strlen(algoid)) != 0) { - /* libxcrypt/libc doesn't know the algorithm, use MD5 */ + /* libxcrypt/libc doesn't know the algorithm, error out */ pam_syslog(pamh, LOG_ERR, - "Algo %s not supported by the crypto backend, " - "falling back to MD5\n", + "Algo %s not supported by the crypto backend.\n", on(UNIX_YESCRYPT_PASS, ctrl) ? "yescrypt" : on(UNIX_GOST_YESCRYPT_PASS, ctrl) ? "gost_yescrypt" : on(UNIX_BLOWFISH_PASS, ctrl) ? "blowfish" : @@ -510,7 +509,7 @@ PAMH_ARG_DECL(char * create_password_hash, #ifdef HAVE_CRYPT_R free(cdata); #endif - return crypt_md5_wrapper(password); + return NULL; } sp = x_strdup(sp); #ifdef HAVE_CRYPT_R -- cgit v1.2.3