[hackers] [ubase][PATCH] passwd: prevent segfault when running as root

From: John Regan <john_AT_jrjrtech.com>
Date: Sat, 29 Sep 2018 14:28:37 -0400

When running as root, passwd attempts to compare the new password to
the old password, without having grabbed the old passwd.

This checks if the previous password hash was grabbed before comparing
it against the new password hash.
---
 passwd.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/passwd.c b/passwd.c
index 52b70a8..afbba9c 100644
--- a/passwd.c
+++ b/passwd.c
_AT_@ -235,11 +235,14 @@ newpass:
 		eprintf("getpass:");
 	if (inpass[0] == '\0')
 		eprintf("no password supplied\n");
-	p = crypt(inpass, prevhash);
-	if (!p)
-		eprintf("crypt:");
-	if (cryptpass1 && strcmp(cryptpass1, p) == 0)
-		eprintf("password left unchanged\n");
+
+	if(prevhash) {
+		p = crypt(inpass, prevhash);
+		if (!p)
+			eprintf("crypt:");
+		if (cryptpass1 && strcmp(cryptpass1, p) == 0)
+			eprintf("password left unchanged\n");
+	}
 	gensalt(salt + strlen(salt));
 	p = crypt(inpass, salt);
 	if (!p)
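Review bot: The new `if(prevhash)` guard only keeps a null pointer out of `crypt(inpass, prevhash)` if `prevhash` is initialised to NULL at its declaration, which lies outside this hunk. Please confirm that, because an indeterminate pointer would pass the test and still reach `crypt()`. The guard also omits the space that the neighbouring lines use (`if (inpass[0] == '\0')`), so it should read `if (prevhash) {`. A one-line comment above it, such as `/* prevhash is unset when the old password was never requested (e.g. root) */`, would record why the "password left unchanged" check is skipped on that path. The code under the `newpass:` label begins and continues outside the hunk.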
-- 
2.7.4
Received on Sat Sep 29 2018 - 20:28:37 CEST
