passwd: fix crashes for unencrypted passwords starting with 'x'.
When deciding where the previous hash should come from, is is assumed that 'x' started strings all mean to look in shadow. This is probably harmless in practice, since modern Linux still use only hashes instead of raw passwords. However, this is more robust, and more importantly, it is more consistent with the previous check, which explicitly tests for the string to be "x".
This commit is contained in:
Mario Rugiero
sin
parent
4f1b54dd92
commit
140efda3a2
3
passwd.c
3
passwd.c
@ -210,7 +210,8 @@ main(int argc, char *argv[])
|
|||||||
if (pw->pw_passwd[0] == '\0') {
|
if (pw->pw_passwd[0] == '\0') {
|
||||||
goto newpass;
|
goto newpass;
|
||||||
}
|
}
|
||||||
if (pw->pw_passwd[0] == 'x')
|
if (pw->pw_passwd[0] == 'x' &&
|
||||||
|
pw->pw_passwd[1] == '\0')
|
||||||
prevhash = spw->sp_pwdp;
|
prevhash = spw->sp_pwdp;
|
||||||
else
|
else
|
||||||
prevhash = pw->pw_passwd;
|
prevhash = pw->pw_passwd;
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user