48 lines
1.6 KiB
Diff
48 lines
1.6 KiB
Diff
|
From 0a370b8f77bd4b1be3f776257869e5c85eb9e8e2 Mon Sep 17 00:00:00 2001
|
||
|
|
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
|
||
|
|
Date: Mon, 1 Dec 2014 15:28:36 +0100
|
||
|
|
Subject: [PATCH] t/op/taint.t: Perform SHA-256 algorithm by crypt() if default
|
||
|
|
one is disabled
|
||
|
|
MIME-Version: 1.0
|
||
|
|
Content-Type: text/plain; charset=UTF-8
|
||
|
|
Content-Transfer-Encoding: 8bit
|
||
|
|
|
||
|
|
The crypt(3) call may return NULL. This is the case on FIPS-enabled
|
||
|
|
platforms. Then "tainted crypt" test would fail.
|
||
|
|
|
||
|
|
See RT#121591 for similar fix in t/op/crypt.t.
|
||
|
|
|
||
|
|
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
||
|
|
---
|
||
|
|
t/op/taint.t | 14 +++++++++++++-
|
||
|
|
1 file changed, 13 insertions(+), 1 deletion(-)
|
||
|
|
|
||
|
|
diff --git a/t/op/taint.t b/t/op/taint.t
|
||
|
|
index f9e8331..a13fde4 100644
|
||
|
|
--- a/t/op/taint.t
|
||
|
|
+++ b/t/op/taint.t
|
||
|
|
@@ -1967,7 +1967,19 @@ foreach my $ord (78, 163, 256) {
|
||
|
|
SKIP: {
|
||
|
|
skip 'No crypt function, skipping crypt tests', 4 if(!$Config{d_crypt});
|
||
|
|
# 59998
|
||
|
|
- sub cr { my $x = crypt($_[0], $_[1]); $x }
|
||
|
|
+ sub cr {
|
||
|
|
+ # On platforms implementing FIPS mode, using a weak algorithm
|
||
|
|
+ # (including the default triple-DES algorithm) causes crypt(3) to
|
||
|
|
+ # return a null pointer, which Perl converts into undef. We assume
|
||
|
|
+ # for now that all such platforms support glibc-style selection of
|
||
|
|
+ # a different hashing algorithm.
|
||
|
|
+ my $alg = ''; # Use default algorithm
|
||
|
|
+ if ( !defined(crypt("ab", "cd")) ) {
|
||
|
|
+ $alg = '$5$'; # Use SHA-256
|
||
|
|
+ }
|
||
|
|
+ my $x = crypt($_[0], $alg . $_[1]);
|
||
|
|
+ $x
|
||
|
|
+ }
|
||
|
|
sub co { my $x = ~$_[0]; $x }
|
||
|
|
my ($a, $b);
|
||
|
|
$a = cr('hello', 'foo' . $TAINT);
|
||
|
|
--
|
||
|
|
1.9.3
|
||
|
|
|