Re: [hackers] [ubase][PATCH] passwd: fix crashes when authentication is unnecessary.

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Mario Rugiero <mrugiero_AT_gmail.com>
Date: Tue, 25 Sep 2018 15:34:46 -0300

El mar., 25 sep. 2018 02:18, Quentin Rameau <quinq_AT_fifth.space> escribió:

> Hey Mario,
>
> > - p = crypt(inpass, prevhash);
> > - if (!p)
> > - eprintf("crypt:");
> > - if (cryptpass1 && strcmp(cryptpass1, p) == 0)
> > - eprintf("password left unchanged\n");
> > + if (cryptpass1) {
>
> ^--- for more clarity, maybe check against prevhash instead?
>
That makes sense.

>
> > + p = crypt(inpass, prevhash);
> > + if (!p)
> > + eprintf("crypt:");
> > + if (strcmp(cryptpass1, p) == 0)
> > + eprintf("password left unchanged\n");
> > + }
>
>
Received on Tue Sep 25 2018 - 20:34:46 CEST

This archive was generated by hypermail 2.3.0 : Tue Sep 25 2018 - 20:36:22 CEST