ubase

suckless linux base utils
git clone git://git.suckless.org/ubase
Log | Files | Refs | README | LICENSE
commit 4f1b54dd92aa858432f648fc886700f7b369ed84
parent 7ffe3cfacce716b08139c8713f37fd38b4bce6f7
Author: John Regan <john@jrjrtech.com>
Date:   Sat, 29 Sep 2018 14:28:37 -0400

passwd: prevent segfault when running as root

When running as root, passwd attempts to compare the new password to
the old password, without having grabbed the old passwd.

This checks if the previous password hash was grabbed before comparing
it against the new password hash.

Diffstat:

Mpasswd.c | 13++++++++-----


1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/passwd.c b/passwd.c
@@ -235,11 +235,14 @@ newpass:
 		eprintf("getpass:");
 	if (inpass[0] == '\0')
 		eprintf("no password supplied\n");
-	p = crypt(inpass, prevhash);
-	if (!p)
-		eprintf("crypt:");
-	if (cryptpass1 && strcmp(cryptpass1, p) == 0)
-		eprintf("password left unchanged\n");
+
+	if(prevhash) {
+		p = crypt(inpass, prevhash);
+		if (!p)
+			eprintf("crypt:");
+		if (cryptpass1 && strcmp(cryptpass1, p) == 0)
+			eprintf("password left unchanged\n");
+	}
 	gensalt(salt + strlen(salt));
 	p = crypt(inpass, salt);
 	if (!p)