[hackers] [ubase] passwd: fix crashes for unencrypted passwords starting with 'x'. || Mario Rugiero

From: <git_AT_suckless.org>
Date: Wed, 30 Jan 2019 12:59:03 +0100 (CET)

commit 140efda3a263b9e6d922633c418fa9846d35731d
Author: Mario Rugiero <mrugiero_AT_gmail.com>
AuthorDate: Tue Sep 25 15:54:25 2018 -0300
Commit: sin <sin_AT_2f30.org>
CommitDate: Wed Jan 30 11:58:55 2019 +0000

    passwd: fix crashes for unencrypted passwords starting with 'x'.
    
    When deciding where the previous hash should come from, is is
    assumed that 'x' started strings all mean to look in shadow.
    This is probably harmless in practice, since modern Linux still
    use only hashes instead of raw passwords.
    However, this is more robust, and more importantly, it is more
    consistent with the previous check, which explicitly tests for
    the string to be "x".

diff --git a/passwd.c b/passwd.c
index afbba9c..0031778 100644
--- a/passwd.c
+++ b/passwd.c
_AT_@ -210,7 +210,8 @@ main(int argc, char *argv[])
                 if (pw->pw_passwd[0] == '\0') {
                         goto newpass;
                 }
- if (pw->pw_passwd[0] == 'x')
+ if (pw->pw_passwd[0] == 'x' &&
+ pw->pw_passwd[1] == '\0')
                         prevhash = spw->sp_pwdp;
                 else
                         prevhash = pw->pw_passwd;
Received on Wed Jan 30 2019 - 12:59:03 CET