[pve-devel] [PATCH common 2/2] encrypt_pw: check return value matches expected format

[Fabian Grünbichler]

since this manually constructs the input string for `crypt`, which looks
different depending on used prefix/hashing algorithm, ensure that it was
understood by crypt and that it returned a proper hashed password line.

Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---

Notes:
    alternatively, we could switch to a wrapper around gen_crypt_salt[_..], but a
    quick search didn't find an applicable perl one.. we do have one in
    proxmox-sys ;)

 src/PVE/Tools.pm | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/PVE/Tools.pm b/src/PVE/Tools.pm
index 95cd93c..9792ad6 100644
--- a/src/PVE/Tools.pm
+++ b/src/PVE/Tools.pm
@@ -1824,7 +1824,12 @@ sub encrypt_pw {
         die "Cannot hash password, unknown crypt prefix '$prefix'\n";
     }
 
-    return crypt(encode("utf8", $pw), $input);
+    my $res = crypt(encode("utf8", $pw), $input);
+    if ($res =~ m/^\$$prefix\$/) {
+        return $res;
+    } else {
+        die "Failed to hash password!\n";
+    }
 }
 
 # intended usage: convert_size($val, "kb" => "gb")
-- 
2.39.5