Merge branch 'fix-crypt_md5' into 'master'

fix: crypt_md5: clamp salt slice to string length

See merge request redox-os/relibc!1445
This commit is contained in:
Jeremy Soller
2026-06-10 05:50:25 -06:00
2 changed files with 14 additions and 1 deletions
+2 -1
View File
@@ -135,8 +135,9 @@ pub fn crypt_md5(passw: &[u8], setting: &str) -> Option<String> {
}
let cursor = 3;
let end = setting.len().min(cursor + SALT_MAX);
let slen = cursor
+ setting[cursor..cursor + SALT_MAX]
+ setting[cursor..end]
.chars()
.take_while(|c| *c != '$')
.count();
+12
View File
@@ -15,6 +15,7 @@
License along with the GNU C Library; if not, see
<https://www.gnu.org/licenses/>. */
#include <assert.h>
#include <crypt.h>
#include <stdio.h>
#include <string.h>
@@ -34,5 +35,16 @@ int main () {
printf("Success!\n");
}
/* short salt must not panic (index out of bounds) */
cp = crypt("test", "$1$ab");
if (cp) {
assert(strncmp(cp, "$1$ab$", 6) == 0);
}
cp = crypt("test", "$1$");
if (cp) {
assert(strncmp(cp, "$1$$", 4) == 0);
}
return result;
}