passwd: fix crashes for unencrypted passwords starting with 'x'.

When deciding where the previous hash should come from, is is
assumed that 'x' started strings all mean to look in shadow.
This is probably harmless in practice, since modern Linux still
use only hashes instead of raw passwords.
However, this is more robust, and more importantly, it is more
consistent with the previous check, which explicitly tests for
the string to be "x".
Mario Rugiero 2018-09-25 15:54:25 -03:00 committed by sin
parent 4f1b54dd92
commit 140efda3a2
1 changed files with 2 additions and 1 deletions

View File

@ -210,7 +210,8 @@ main(int argc, char *argv[])
if (pw->pw_passwd[0] == '\0') {
goto newpass;
if (pw->pw_passwd[0] == 'x')
if (pw->pw_passwd[0] == 'x' &&
pw->pw_passwd[1] == '\0')
prevhash = spw->sp_pwdp;
prevhash = pw->pw_passwd;