You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
195 lines
6.6 KiB
195 lines
6.6 KiB
diff -up shadow-4.1.5.1/lib/encrypt.c.crypt-null shadow-4.1.5.1/lib/encrypt.c |
|
--- shadow-4.1.5.1/lib/encrypt.c.crypt-null 2010-08-22 15:05:02.000000000 +0200 |
|
+++ shadow-4.1.5.1/lib/encrypt.c 2013-07-25 12:27:30.438355782 +0200 |
|
@@ -49,11 +49,10 @@ |
|
if (!cp) { |
|
/* |
|
* Single Unix Spec: crypt() may return a null pointer, |
|
- * and set errno to indicate an error. The caller doesn't |
|
- * expect us to return NULL, so... |
|
+ * and set errno to indicate an error. In this case return |
|
+ * the NULL so the caller can handle appropriately. |
|
*/ |
|
- perror ("crypt"); |
|
- exit (EXIT_FAILURE); |
|
+ return cp; |
|
} |
|
|
|
/* The GNU crypt does not return NULL if the algorithm is not |
|
diff -up shadow-4.1.5.1/libmisc/valid.c.crypt-null shadow-4.1.5.1/libmisc/valid.c |
|
--- shadow-4.1.5.1/libmisc/valid.c.crypt-null 2010-08-22 21:14:41.000000000 +0200 |
|
+++ shadow-4.1.5.1/libmisc/valid.c 2013-07-25 12:27:30.440355847 +0200 |
|
@@ -95,6 +95,7 @@ bool valid (const char *password, const |
|
*/ |
|
|
|
if ( (NULL != ent->pw_name) |
|
+ && (NULL != encrypted) |
|
&& (strcmp (encrypted, ent->pw_passwd) == 0)) { |
|
return true; |
|
} else { |
|
diff -up shadow-4.1.5.1/lib/pwauth.c.crypt-null shadow-4.1.5.1/lib/pwauth.c |
|
--- shadow-4.1.5.1/lib/pwauth.c.crypt-null 2009-07-13 00:24:48.000000000 +0200 |
|
+++ shadow-4.1.5.1/lib/pwauth.c 2013-07-25 12:27:30.438355782 +0200 |
|
@@ -73,6 +73,7 @@ int pw_auth (const char *cipher, |
|
char prompt[1024]; |
|
char *clear = NULL; |
|
const char *cp; |
|
+ const char *encrypted; |
|
int retval; |
|
|
|
#ifdef SKEY |
|
@@ -177,7 +178,11 @@ int pw_auth (const char *cipher, |
|
* the results there as well. |
|
*/ |
|
|
|
- retval = strcmp (pw_encrypt (input, cipher), cipher); |
|
+ encrypted = pw_encrypt (input, cipher); |
|
+ if (encrypted!=NULL) |
|
+ retval = strcmp (encrypted, cipher); |
|
+ else |
|
+ retval = -1; |
|
|
|
#ifdef SKEY |
|
/* |
|
diff -up shadow-4.1.5.1/src/chgpasswd.c.crypt-null shadow-4.1.5.1/src/chgpasswd.c |
|
--- shadow-4.1.5.1/src/chgpasswd.c.crypt-null 2011-12-09 22:31:40.000000000 +0100 |
|
+++ shadow-4.1.5.1/src/chgpasswd.c 2013-07-25 12:27:30.440355847 +0200 |
|
@@ -469,6 +469,10 @@ int main (int argc, char **argv) |
|
#endif |
|
cp = pw_encrypt (newpwd, |
|
crypt_make_salt (crypt_method, arg)); |
|
+ if (cp == NULL) { |
|
+ perror ("crypt"); |
|
+ exit (EXIT_FAILURE); |
|
+ } |
|
} |
|
|
|
/* |
|
diff -up shadow-4.1.5.1/src/chpasswd.c.crypt-null shadow-4.1.5.1/src/chpasswd.c |
|
--- shadow-4.1.5.1/src/chpasswd.c.crypt-null 2011-12-09 22:31:40.000000000 +0100 |
|
+++ shadow-4.1.5.1/src/chpasswd.c 2013-07-25 12:27:30.440355847 +0200 |
|
@@ -492,6 +492,10 @@ int main (int argc, char **argv) |
|
#endif |
|
cp = pw_encrypt (newpwd, |
|
crypt_make_salt(crypt_method, arg)); |
|
+ if (cp == NULL) { |
|
+ perror ("crypt"); |
|
+ exit (EXIT_FAILURE); |
|
+ } |
|
} |
|
|
|
/* |
|
diff -up shadow-4.1.5.1/src/gpasswd.c.crypt-null shadow-4.1.5.1/src/gpasswd.c |
|
--- shadow-4.1.5.1/src/gpasswd.c.crypt-null 2011-11-19 23:55:04.000000000 +0100 |
|
+++ shadow-4.1.5.1/src/gpasswd.c 2013-07-25 12:27:30.441355866 +0200 |
|
@@ -939,6 +939,10 @@ static void change_passwd (struct group |
|
} |
|
|
|
cp = pw_encrypt (pass, crypt_make_salt (NULL, NULL)); |
|
+ if (cp==NULL) { |
|
+ perror ("crypt"); |
|
+ exit (EXIT_FAILURE); |
|
+ } |
|
memzero (pass, sizeof pass); |
|
#ifdef SHADOWGRP |
|
if (is_shadowgrp) { |
|
diff -up shadow-4.1.5.1/src/newgrp.c.crypt-null shadow-4.1.5.1/src/newgrp.c |
|
--- shadow-4.1.5.1/src/newgrp.c.crypt-null 2011-07-30 03:50:01.000000000 +0200 |
|
+++ shadow-4.1.5.1/src/newgrp.c 2013-07-25 12:27:30.442355881 +0200 |
|
@@ -184,7 +184,8 @@ static void check_perms (const struct gr |
|
cpasswd = pw_encrypt (cp, grp->gr_passwd); |
|
strzero (cp); |
|
|
|
- if (grp->gr_passwd[0] == '\0' || |
|
+ if (cpasswd == NULL || |
|
+ grp->gr_passwd[0] == '\0' || |
|
strcmp (cpasswd, grp->gr_passwd) != 0) { |
|
#ifdef WITH_AUDIT |
|
snprintf (audit_buf, sizeof(audit_buf), |
|
diff -up shadow-4.1.5.1/src/newusers.c.crypt-null shadow-4.1.5.1/src/newusers.c |
|
--- shadow-4.1.5.1/src/newusers.c.crypt-null 2011-12-09 22:31:40.000000000 +0100 |
|
+++ shadow-4.1.5.1/src/newusers.c 2013-07-25 12:27:30.442355881 +0200 |
|
@@ -387,6 +387,7 @@ static int add_user (const char *name, u |
|
static void update_passwd (struct passwd *pwd, const char *password) |
|
{ |
|
void *crypt_arg = NULL; |
|
+ char *cp; |
|
if (crypt_method != NULL) { |
|
#ifdef USE_SHA_CRYPT |
|
if (sflg) { |
|
@@ -398,9 +399,13 @@ static void update_passwd (struct passwd |
|
if ((crypt_method != NULL) && (0 == strcmp(crypt_method, "NONE"))) { |
|
pwd->pw_passwd = (char *)password; |
|
} else { |
|
- pwd->pw_passwd = pw_encrypt (password, |
|
- crypt_make_salt (crypt_method, |
|
- crypt_arg)); |
|
+ cp=pw_encrypt (password, crypt_make_salt (crypt_method, |
|
+ crypt_arg)); |
|
+ if (cp == NULL) { |
|
+ perror ("crypt"); |
|
+ exit (EXIT_FAILURE); |
|
+ } |
|
+ pwd->pw_passwd = cp; |
|
} |
|
} |
|
#endif /* !USE_PAM */ |
|
@@ -412,6 +417,7 @@ static int add_passwd (struct passwd *pw |
|
{ |
|
const struct spwd *sp; |
|
struct spwd spent; |
|
+ char *cp; |
|
|
|
#ifndef USE_PAM |
|
void *crypt_arg = NULL; |
|
@@ -448,7 +454,12 @@ static int add_passwd (struct passwd *pw |
|
} else { |
|
const char *salt = crypt_make_salt (crypt_method, |
|
crypt_arg); |
|
- spent.sp_pwdp = pw_encrypt (password, salt); |
|
+ cp = pw_encrypt (password, salt); |
|
+ if (cp == NULL) { |
|
+ perror ("crypt"); |
|
+ exit (EXIT_FAILURE); |
|
+ } |
|
+ spent.sp_pwdp = cp; |
|
} |
|
spent.sp_lstchg = (long) time ((time_t *) 0) / SCALE; |
|
if (0 == spent.sp_lstchg) { |
|
@@ -492,7 +503,12 @@ static int add_passwd (struct passwd *pw |
|
spent.sp_pwdp = (char *)password; |
|
} else { |
|
const char *salt = crypt_make_salt (crypt_method, crypt_arg); |
|
- spent.sp_pwdp = pw_encrypt (password, salt); |
|
+ cp = pw_encrypt (password, salt); |
|
+ if (cp == NULL) { |
|
+ perror ("crypt"); |
|
+ exit (EXIT_FAILURE); |
|
+ } |
|
+ spent.sp_pwdp = cp; |
|
} |
|
#else |
|
/* |
|
diff -up shadow-4.1.5.1/src/passwd.c.crypt-null shadow-4.1.5.1/src/passwd.c |
|
--- shadow-4.1.5.1/src/passwd.c.crypt-null 2012-02-13 21:32:01.000000000 +0100 |
|
+++ shadow-4.1.5.1/src/passwd.c 2013-07-25 12:27:30.443355896 +0200 |
|
@@ -242,7 +242,7 @@ static int new_password (const struct pa |
|
} |
|
|
|
cipher = pw_encrypt (clear, crypt_passwd); |
|
- if (strcmp (cipher, crypt_passwd) != 0) { |
|
+ if ((cipher == NULL) || (strcmp (cipher, crypt_passwd) != 0)) { |
|
strzero (clear); |
|
strzero (cipher); |
|
SYSLOG ((LOG_WARN, "incorrect password for %s", |
|
@@ -349,6 +349,10 @@ static int new_password (const struct pa |
|
* Encrypt the password, then wipe the cleartext password. |
|
*/ |
|
cp = pw_encrypt (pass, crypt_make_salt (NULL, NULL)); |
|
+ if (cp == NULL) { |
|
+ perror ("crypt"); |
|
+ exit (EXIT_FAILURE); |
|
+ } |
|
memzero (pass, sizeof pass); |
|
|
|
#ifdef HAVE_LIBCRACK_HIST
|
|
|