* src/newgrp.c: Do not give an indication that the group has no

password. * src/newgrp.c: Do not only bail on syslog if the password is not valid. Also give an indication to the user on stderr.
2007-11-17 21:03:33 +00:00 · 2007-11-17 21:03:33 +00:00 · 1f4488f963
commit 1f4488f963
parent 225b096838
2 changed files with 10 additions and 11 deletions
--- a/7
+++ b/7
@ -1,3 +1,10 @@
 2007-11-17  Nicolas François  <nicolas.francois@centraliens.net>
 	* src/newgrp.c: Do not give an indication that the group has no
 	password.
 	* src/newgrp.c: Do not only bail on syslog if the password is not
 	valid. Also give an indication to the user on stderr.
 2007-11-17  Nicolas François  <nicolas.francois@centraliens.net>
 	Fixes from Openwall patch shadow-4.0.4.1-owl-chage-drop-priv.diff:
--- a/src/newgrp.c
+++ b/src/newgrp.c
@ -377,16 +377,6 @@ int main (int argc, char **argv)
 	 * of the tests above.
 	 */
 	if (getuid () != 0 && needspasswd) {
 		if (grp->gr_passwd[0] == '\0') {
 			/*
 			 * there is no password, print out "No password."
 			 * and give up
 			 */
 			sleep (1);
 			fputs (_("No password.\n"), stderr);
 			goto failure;
 		}
 		/*
 		 * get the password from her, and set the salt for
 		 * the decryption from the group file.
@ -402,11 +392,13 @@ int main (int argc, char **argv)
 		cpasswd = pw_encrypt (cp, grp->gr_passwd);
 		strzero (cp);
-		if (strcmp (cpasswd, grp->gr_passwd) != 0) {
+		if (grp->gr_passwd[0] == '\0' ||
 		    strcmp (cpasswd, grp->gr_passwd) != 0) {
 			SYSLOG ((LOG_INFO,
 				 "Invalid password for group `%s' from `%s'",
 				 group, name));
 			sleep (1);
 			fputs (_("Invalid password."), stderr);
 			goto failure;
 		}
 	}