From d9e544ff71b9d466873c558c377de0d0a2caab2c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
Date: Mon, 31 Mar 2025 12:03:34 +0200
Subject: [PATCH] encrypt_pw: check return value matches expected format
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

since this manually constructs the input string for `crypt`, which looks
different depending on used prefix/hashing algorithm, ensure that it was
understood by crypt and that it returned a proper hashed password line.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
 src/PVE/Tools.pm | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/PVE/Tools.pm b/src/PVE/Tools.pm
index c86fb62..8901f92 100644
--- a/src/PVE/Tools.pm
+++ b/src/PVE/Tools.pm
@@ -1824,7 +1824,12 @@ sub encrypt_pw {
         die "Cannot hash password, unknown crypt prefix '$prefix'\n";
     }
 
-    return crypt(encode("utf8", $pw), $input);
+    my $res = crypt(encode("utf8", $pw), $input);
+    if ($res =~ m/^\$$prefix\$/) {
+        return $res;
+    } else {
+        die "Failed to hash password!\n";
+    }
 }
 
 # intended usage: convert_size($val, "kb" => "gb")