1
0
mirror of git://git.suckless.org/ubase synced 2024-12-11 17:29:24 +00:00

passwd: prevent segfault when running as root

When running as root, passwd attempts to compare the new password to
the old password, without having grabbed the old passwd.

This checks if the previous password hash was grabbed before comparing
it against the new password hash.
This commit is contained in:
John Regan 2018-09-29 14:28:37 -04:00 committed by sin
parent 7ffe3cfacc
commit 4f1b54dd92

View File

@ -235,11 +235,14 @@ newpass:
eprintf("getpass:");
if (inpass[0] == '\0')
eprintf("no password supplied\n");
p = crypt(inpass, prevhash);
if (!p)
eprintf("crypt:");
if (cryptpass1 && strcmp(cryptpass1, p) == 0)
eprintf("password left unchanged\n");
if(prevhash) {
p = crypt(inpass, prevhash);
if (!p)
eprintf("crypt:");
if (cryptpass1 && strcmp(cryptpass1, p) == 0)
eprintf("password left unchanged\n");
}
gensalt(salt + strlen(salt));
p = crypt(inpass, salt);
if (!p)