File yast2-core-2.19.3-CVE-2011-2483.diff of Package yast2-core.openSUSE_11.3

Index: yast2-core-2.20.0/libycp/src/y2crypt.cc
===================================================================
--- yast2-core-2.20.0.orig/libycp/src/y2crypt.cc
+++ yast2-core-2.20.0/libycp/src/y2crypt.cc
@@ -141,7 +141,7 @@ crypt_pass (string unencrypted, crypt_t
 	    break;
 
 	case BLOWFISH:
-	    salt = make_crypt_salt ("$2a$", 0);
+	    salt = make_crypt_salt ("$2y$", 0);
 	    if (!salt)
 	    {
 		y2error ("Cannot create salt for blowfish crypt");
@@ -156,7 +156,9 @@ crypt_pass (string unencrypted, crypt_t
 	    return false;
     }
 
-    if (!newencrypted)
+    if (!newencrypted
+    /* catch retval magic by ow-crypt/libxcrypt */
+    || !strcmp(newencrypted, "*0") || !strcmp(newencrypted, "*1"))
     {
 	y2error ("crypt_r () returns 0 pointer");
 	return false;