Re: [hackers] [ubase][PATCH] passwd: fix crashes when authentication is unnecessary.

From: Quentin Rameau <quinq_AT_fifth.space>
Date: Tue, 25 Sep 2018 07:16:12 +0200

Hey Mario,

> - p = crypt(inpass, prevhash);
> - if (!p)
> - eprintf("crypt:");
> - if (cryptpass1 && strcmp(cryptpass1, p) == 0)
> - eprintf("password left unchanged\n");
> + if (cryptpass1) {

            ^--- for more clarity, maybe check against prevhash instead?

> + p = crypt(inpass, prevhash);
> + if (!p)
> + eprintf("crypt:");
> + if (strcmp(cryptpass1, p) == 0)
> + eprintf("password left unchanged\n");
> + }
Received on Tue Sep 25 2018 - 07:16:12 CEST

This archive was generated by hypermail 2.3.0 : Tue Sep 25 2018 - 07:24:21 CEST