From 4f1b54dd92aa858432f648fc886700f7b369ed84 Mon Sep 17 00:00:00 2001 From: John Regan Date: Sat, 29 Sep 2018 14:28:37 -0400 Subject: [PATCH] passwd: prevent segfault when running as root When running as root, passwd attempts to compare the new password to the old password, without having grabbed the old passwd. This checks if the previous password hash was grabbed before comparing it against the new password hash. --- passwd.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/passwd.c b/passwd.c index 52b70a8..afbba9c 100644 --- a/passwd.c +++ b/passwd.c @@ -235,11 +235,14 @@ newpass: eprintf("getpass:"); if (inpass[0] == '\0') eprintf("no password supplied\n"); - p = crypt(inpass, prevhash); - if (!p) - eprintf("crypt:"); - if (cryptpass1 && strcmp(cryptpass1, p) == 0) - eprintf("password left unchanged\n"); + + if(prevhash) { + p = crypt(inpass, prevhash); + if (!p) + eprintf("crypt:"); + if (cryptpass1 && strcmp(cryptpass1, p) == 0) + eprintf("password left unchanged\n"); + } gensalt(salt + strlen(salt)); p = crypt(inpass, salt); if (!p)