Jump to content


Photo

code injection into crypt function?


  • Please log in to reply
No replies to this topic

#1 tarka dhal

tarka dhal
  • New Members
  • Pip
  • Newbie
  • 1 posts

Posted 03 October 2006 - 10:51 AM

Hi, I am writing a function to authenticate against a NIS server (If I had a choice to not use NIS I would... but that is a seperate discussion!). I always make sure that user supplied input is properly validated before using it anywhere but the problem I have is that a users password in this case can contain pretty much any special character (I have no control over this). Now the only place I reference the user supplied password is within the crypt function as follows... (the field array being the fields from the passwd.byname map/password file).

if (crypt($_POST['password'], substr($field[1], 0, 12)) == $field[1]) {
         echo "authenticated";
}

Obviously using add_slashes etc is going to break the password checking, so my concern is whether it is possible to inject code into the crypt function. eg something like...

$_POST['password'] = "'a')) { echo 'hacked'; #";

I have tested setting the variable like this and can't break it or produce any sort of error or undesired behaviour, but I just wanted reassurance about the way the crypt function works eg does it expand the variable passed to it hence allowing some form of code injection or does it simply do what you want it to with the variable regardless of what it contains?

Sorry, was going to try and keep it short... didn't turn out that way!

Cheers!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users