appletlib.c: make it actally follow _BB_SUID_ALWAYS rules

adduser: implement -S and code shrink / fix uid selection *: sanitize getspnam_r use text data bss dec hex filename 777042 974 9676 787692 c04ec busybox_old 776883 974 9676 787533 c044d busybox_unstripped
2007-10-29 19:25:45 +00:00
parent 5a28a25b9d
commit 15ca51e3e2
7 changed files with 121 additions and 153 deletions
--- a/libbb/correct_password.c
+++ b/libbb/correct_password.c
@@ -40,6 +40,11 @@ int correct_password(const struct passwd *pw)
 {
 	char *unencrypted, *encrypted;
 	const char *correct;
+#if ENABLE_FEATURE_SHADOWPASSWDS
+	/* Using _r function to avoid pulling in static buffers */
+	struct spwd spw;
+	char buffer[256];
+#endif

 	/* fake salt. crypt() can choke otherwise. */
 	correct = "aa";
@@ -50,11 +55,11 @@ int correct_password(const struct passwd *pw)
 	correct = pw->pw_passwd;
 #if ENABLE_FEATURE_SHADOWPASSWDS
 	if ((correct[0] == 'x' || correct[0] == '*') && !correct[1]) {
-		/* Using _r function to avoid pulling in static buffers */
-		struct spwd spw;
-		struct spwd *result;
-		char buffer[256];
-		correct = (getspnam_r(pw->pw_name, &spw, buffer, sizeof(buffer), &result)) ? "aa" : spw.sp_pwdp;
+		/* getspnam_r may return 0 yet set result to NULL.
+		 * At least glibc 2.4 does this. Be extra paranoid here. */
+		struct spwd *result = NULL;
+		int r = getspnam_r(pw->pw_name, &spw, buffer, sizeof(buffer), &result);
+		correct = (r || !result) ? "aa" : result->sp_pwdp;
 	}
 #endif