* libmisc/salt.c: Make sure the salt string is terminated at the

right place (either 8th, or 11th position). * NEWS, src/chgpasswd.c, src/chpasswd.c: The protocol + salt does not need 15 chars. No need for a temporary buffer. This change the fix committed on 2007-11-10. The salt provided to pw_encrypt could have been too long.
2007-11-16 19:02:00 +00:00
parent e163c5fe9c
commit 449f17385a
5 changed files with 30 additions and 16 deletions
--- a/src/chgpasswd.c
+++ b/src/chgpasswd.c
@@ -243,14 +243,15 @@ int main (int argc, char **argv)
 		newpwd = cp;
 		if (!eflg) {
 			if (md5flg) {
-				char tmp[12];
-				char salt[15] = "";
+				char md5salt[12] = "$1$";
+				char *salt = crypt_make_salt ();

-				strcat (tmp, crypt_make_salt ());
-				if (!strncmp (tmp, "$1$", 3))
-					strcat (salt, "$1$");
-				strcat (salt, tmp);
-				cp = pw_encrypt (newpwd, salt);
+				if (strncmp (salt, "$1$", 3) == 0) {
+					strncpy (md5salt, salt, 11);
+				} else {
+					strncat (md5salt, salt, 8);
+				}
+				cp = pw_encrypt (newpwd, md5salt);
 			} else
 				cp = pw_encrypt (newpwd, crypt_make_salt ());
 		}
--- a/src/chpasswd.c
+++ b/src/chpasswd.c
@@ -239,13 +239,14 @@ int main (int argc, char **argv)
 		newpwd = cp;
 		if (!eflg) {
 			if (md5flg) {
-				char tmp[12];
-				char salt[15] = "";
+				char md5salt[12] = "$1$";
+				char *salt = crypt_make_salt ();

-				strcat (tmp, crypt_make_salt ());
-				if (!strncmp (tmp, "$1$", 3))
-					strcat (salt, "$1$");
-				strcat (salt, tmp);
+				if (strncmp (salt, "$1$", 3) == 0) {
+					strncpy (md5salt, salt, 11);
+				} else {
+					strncat (md5salt, salt, 8);
+				}
 				cp = pw_encrypt (newpwd, salt);
 			} else
 				cp = pw_encrypt (newpwd, crypt_make_salt ());