libressl-2.6.2 is susceptible to an out-of-bounds read:

    #include <openssl/des.h>

    int main(void) {
        /* salt[0] = 0xf8 is negative where plain char is signed */
        char salt[3] = {0xf8, 0xd0, 0x00};
        char out[32];

        DES_fcrypt("foo", salt, out);
        return 0;
    }

The relevant place in libressl's fcrypt.c:

    x=ret[0]=((salt[0] == '\0')?'A':salt[0]);
    Eswap0=con_salt[x]<<2; // boom

ASM: => 0x00007ffff77a6fa8 <+56>: movzbl (%rcx,%rdx,1),%ebp
rcx = con_salt
rdx = 0xfffffff8

Because salt[0] is -8 (plain char is signed here), x will be
0xfffffff8 due to type promotion and conversion. con_salt[0xfffffff8]
is then evaluated, which bombs out.

openssl 1.1.x has it fixed (but 1.0.2l does not!) - their commit
seems to be 6493e4801e9edbe1ad1e256d4ce9cd55c8aa2242 in
https://github.com/openssl/openssl .
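
The index computation described above, next to a checked lookup, as an added example (not code from libressl or openssl). demo_table is a constructed stand-in for con_salt, its length of 128 is an assumption of this example, and index_as_reported and lookup_checked are hypothetical names; nothing here reads out of bounds.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for con_salt; the length 128 is an assumption. */
#define TABLE_LEN 128u
static unsigned char demo_table[TABLE_LEN];

/* Index as computed in the reported line: a (signed) char byte ends up
 * in an unsigned int. The signed char cast models a platform where plain
 * char is signed, so 0xf8 becomes -8, is promoted to int, and is then
 * converted to unsigned int. No table access happens here. */
unsigned int index_as_reported(unsigned char raw)
{
    signed char c = (signed char)raw;
    unsigned int x = (unsigned int)((c == '\0') ? 'A' : c);
    return x;
}

/* Checked lookup: read the byte as unsigned char so it cannot
 * sign-extend, then refuse any index outside the table.
 * Returns 0 and stores the entry in *out, or -1 if rejected. */
int lookup_checked(char salt_byte, unsigned char *out)
{
    unsigned int x = (unsigned char)salt_byte;

    if (x == 0)
        x = 'A';
    if (x >= TABLE_LEN)
        return -1;
    *out = demo_table[x];
    return 0;
}

int main(void)
{
    unsigned char v = 0;
    char bad = (char)0xf8; /* first salt byte from the reproducer */

    printf("reported index for 0xf8: 0x%x (table has %u entries)\n",
           index_as_reported(0xf8), TABLE_LEN);
    printf("checked lookup for 0xf8: %d\n", lookup_checked(bad, &v));
    printf("checked lookup for 'a':  %d\n", lookup_checked('a', &v));
    return 0;
}
```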