Tuesday, May 18, 2021

[wvmsuixl] crypt salt character set is not checked

the manpage for crypt(3) states

The characters in "salt" and "encrypted" are drawn from the set [a-zA-Z0-9./]. In the MD5 and SHA implementations the entire key is significant (instead of only the first 8 bytes in DES).

however, as of glibc 2.27, in the SHA-512 implementation (and likely in the MD5 and rest of the SHA implementations), it is not checked that the salt characters supplied by the user are strictly in [a-zA-Z0-9./] . any character other then NUL and $ seem to work.  perhaps terrible things can be done with a salt containing a newline character or colon, separators in /etc/shadow and /etc/passwd .  (though currently I do not see a way to exploit this.)

incidentally, the mkpasswd utility (in the Debian whois package) does check the salt character set.

No comments :