File des-fcrypt.diff of Package libressl

From: Jan Engelhardt <jengelh@inai.de>
References: https://marc.info/?l=openbsd-tech&m=150906184009035&w=2

Do what openssl-1.1 is doing to guard against an otherwise
out-of-bounds access.

---
 crypto/des/des_fcrypt.c |    2 ++
 1 file changed, 2 insertions(+)

Index: libressl-4.0.0/crypto/des/des_fcrypt.c
===================================================================
--- libressl-4.0.0.orig/crypto/des/des_fcrypt.c
+++ libressl-4.0.0/crypto/des/des_fcrypt.c
@@ -207,6 +207,8 @@ DES_fcrypt(const char *buf, const char *
 	 * crypt to "*".  This was found when replacing the crypt in
 	 * our shared libraries.  People found that the disabled
 	 * accounts effectively had no passwd :-(. */
+	if (salt[0] >= sizeof(con_salt) || salt[1] >= sizeof(con_salt))
+		return NULL;
 	x = ret[0] = ((salt[0] == '\0') ? 'A' : salt[0]);
 	Eswap0 = con_salt[x] << 2;
 	x = ret[1] = ((salt[1] == '\0') ? 'A' : salt[1]);