FS#2291 - RPCd crashes with $5$ or $6$ format hashes in shadow(5) with CONFIG_MUSL_DISABLE_CRYPT_SIZE_HACK=y #7179

openwrt-bot · 2019-05-22T08:30:40Z

aaronmdjones:

Device: Netgear WNDR3700 & WNDR3800
Architecture: ar71xx
OpenWRT master

Steps to reproduce:


$ openssl rand 12 | base64
EMoT4MFUTh03hwxx
$ python
>>> import crypt
>>> crypt.crypt("password", "$6$EMoT4MFUTh03hwxx$")
'$6$EMoT4MFUTh03hwxx$GhP4a6RCDJfpHo9e2SycODiAIiBrJP/bOJvsRu6Ws98n5N8/Mh4esTYvhc1fjDnU8cDl1QduG/eJxHjXq9YGq/'
>>> 
$

root@router:# cp /etc/shadow /etc/shadow.bak root@router:# nano /etc/shadow root@router:# grep root /etc/shadow root:$6$EMoT4MFUTh03hwxx$GhP4a6RCDJfpHo9e2SycODiAIiBrJP/bOJvsRu6Ws98n5N8/Mh4esTYvhc1fjDnU8cDl1QduG/eJxHjXq9YGq/:17680:0:99999:7::: root@router:#

(Try a web login in LuCI ...)

[[https://imgur.com/a/4SgPDEg|Screenshots]]


root@router:~# dmesg
[...]
[ 4476.842899] do_page_fault(): sending SIGSEGV to rpcd for invalid read access from 00000000
[ 4476.851215] epc = 77ee8cc4 in libc.so[77e72000+99000]
[ 4476.856319] ra  = 55654147 in rpcd[55651000+a000]
root@router:~#

Rebooting fixes it (ostensibly RPCd is restarted) so that LuCI responds again, but the issue persists.

The text was updated successfully, but these errors were encountered:

openwrt-bot closed this as completed Jun 5, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

FS#2291 - RPCd crashes with $5$ or $6$ format hashes in shadow(5) with CONFIG_MUSL_DISABLE_CRYPT_SIZE_HACK=y #7179

FS#2291 - RPCd crashes with $5$ or $6$ format hashes in shadow(5) with CONFIG_MUSL_DISABLE_CRYPT_SIZE_HACK=y #7179

openwrt-bot commented May 22, 2019

FS#2291 - RPCd crashes with $5$ or $6$ format hashes in shadow(5) with CONFIG_MUSL_DISABLE_CRYPT_SIZE_HACK=y #7179

FS#2291 - RPCd crashes with $5$ or $6$ format hashes in shadow(5) with CONFIG_MUSL_DISABLE_CRYPT_SIZE_HACK=y #7179

Comments

openwrt-bot commented May 22, 2019