[hackers] [ubase] [PATCH 2/2] pw_check: Allow empty password in shadow(5)

From: Michael Forney <mforney_AT_mforney.org>
Date: Tue, 25 Jun 2019 19:20:24 -0700

---
 libutil/passwd.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/libutil/passwd.c b/libutil/passwd.c
index c1233a1..3171fd5 100644
--- a/libutil/passwd.c
+++ b/libutil/passwd.c
_AT_@ -23,12 +23,6 @@ pw_check(const struct passwd *pw, const char *pass)
 	struct spwd *spw;
 
 	p = pw->pw_passwd;
-	if (p[0] == '\0') {
-		if (pass[0] == '\0')
-			return 1;
-		weprintf("incorrect password\n");
-		return 0;
-	}
 	if (p[0] == 'x' && p[1] == '\0') {
 		errno = 0;
 		spw = getspnam(pw->pw_name);
_AT_@ -45,6 +39,12 @@ pw_check(const struct passwd *pw, const char *pass)
 		weprintf("denied\n");
 		return -1;
 	}
+	if (p[0] == '\0') {
+		if (pass[0] == '\0')
+			return 1;
+		weprintf("incorrect password\n");
+		return 0;
+	}
 
 	cryptpass = crypt(pass, p);
 	if (!cryptpass) {
-- 
2.20.1
Received on Wed Jun 26 2019 - 04:20:24 CEST

This archive was generated by hypermail 2.3.0 : Thu Jun 27 2019 - 04:12:23 CEST