s4:dsdb/password_hash: Add additional check for crypt() and crypt_r() failure
authorJoseph Sutton <josephsutton@catalyst.net.nz>
Tue, 23 Feb 2021 13:46:38 +0000 (02:46 +1300)
committerAndrew Bartlett <abartlet@samba.org>
Wed, 7 Apr 2021 09:18:30 +0000 (09:18 +0000)
While crypt_rn() always returns a null pointer in the event of
failure, crypt() and crypt_r() may instead return a string starting
with the character '*'. This commit adds a check to detect failure in
this case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14621

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source4/dsdb/samdb/ldb_modules/password_hash.c

index e173875f8d9167e233f19c34c26aa7c5a8bbffdf..e48a8c9257ba960b5b34cf675aea648d5408575b 100644 (file)
@@ -1540,6 +1540,7 @@ static int setup_primary_userPassword_hash(
         * RHEL 7 behaviour.
         */
        errno = 0;
+
 #ifdef HAVE_CRYPT_RN
        hash = crypt_rn((char *)io->n.cleartext_utf8->data,
                        cmd,
@@ -1554,7 +1555,11 @@ static int setup_primary_userPassword_hash(
         */
        hash = crypt((char *)io->n.cleartext_utf8->data, cmd);
 #endif
-       if (hash == NULL) {
+       /*
+       * On error, crypt() and crypt_r() may return a null pointer,
+       * or a pointer to an invalid hash beginning with a '*'.
+       */
+       if (hash == NULL || hash[0] == '*') {
                char buf[1024];
                int err = strerror_r(errno, buf, sizeof(buf));
                if (err != 0) {
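Review bot: On the new `hash[0] == '*'` branch, `errno` may still hold the 0 assigned before the call, since whether crypt() or crypt_r() sets it when returning a failure token probably depends on the libcrypt in use. In that case `strerror_r(errno, buf, sizeof(buf))` succeeds and fills `buf` with a "Success"-style string, so the failure would be reported with a misleading reason. A fallback such as `int reason = (errno != 0) ? errno : EINVAL;` followed by `int err = strerror_r(reason, buf, sizeof(buf));` would keep the reported reason meaningful on that path. The error-handling block continues past the end of the hunk, so how `buf` is used afterwards is not visible here.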