Bug 36782

Summary: md5 salt documented as being 16 bytes max length. In reailty it is 8 bytes max length.
Product: Documentation Reporter: Andre Yelistratov <andre>
Component: Books & ArticlesAssignee: Tom Rhodes <trhodes>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   

Description Andre Yelistratov 2002-04-05 11:10:00 UTC 
The maximum length of salt in MD5 is hardoded at crypt-md5.c and represents 8 bytes,
contrary to 'man 3 crypt': 'The length of the salt is limited to 16 characters'.
crypt-md5.c:
/* Refine the Salt first */
    sp = salt;
[skip]
    /* It stops at the first '$', max 8 chars */
    for(ep=sp;*ep && *ep != '$' && ep < (sp+8);ep++)
        continue;

Fix: 

Trivial.
How-To-Repeat:  call md5 crypt() with any salt longer than 8 chars.
Comment 1 Tom Rhodes freebsd_committer freebsd_triage 2002-04-09 23:33:11 UTC 
State Changed
From-To: open->patched

I reviewed crypt-md5.c and read the manual page, this has been patched, thanks!
Comment 2 Tom Rhodes freebsd_committer freebsd_triage 2002-04-09 23:33:11 UTC 
Responsible Changed
From-To: freebsd-doc->trhodes

I have reviewed the manual page, and patched crypt(3).  Thanks!
Comment 3 Tom Rhodes freebsd_committer freebsd_triage 2002-04-12 17:58:01 UTC 
State Changed
From-To: patched->closed

Fixed in STABLE, thanks for pointing this out!