passwd: fix crashes for unencrypted passwords starting with 'x'. - ubase - suckless linux base utils
(HTM) git clone git://git.suckless.org/ubase
(DIR) Log
(DIR) Files
(DIR) Refs
(DIR) README
(DIR) LICENSE
---
(DIR) commit 140efda3a263b9e6d922633c418fa9846d35731d
(DIR) parent 4f1b54dd92aa858432f648fc886700f7b369ed84
(HTM) Author: Mario Rugiero <mrugiero@gmail.com>
Date: Tue, 25 Sep 2018 15:54:25 -0300
passwd: fix crashes for unencrypted passwords starting with 'x'.
When deciding where the previous hash should come from, is is
assumed that 'x' started strings all mean to look in shadow.
This is probably harmless in practice, since modern Linux still
use only hashes instead of raw passwords.
However, this is more robust, and more importantly, it is more
consistent with the previous check, which explicitly tests for
the string to be "x".
Diffstat:
M passwd.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
---
(DIR) diff --git a/passwd.c b/passwd.c
@@ -210,7 +210,8 @@ main(int argc, char *argv[])
if (pw->pw_passwd[0] == '\0') {
goto newpass;
}
- if (pw->pw_passwd[0] == 'x')
+ if (pw->pw_passwd[0] == 'x' &&
+ pw->pw_passwd[1] == '\0')
prevhash = spw->sp_pwdp;
else
prevhash = pw->pw_passwd;