Review 52a38d5509

* Changelog: Update documentation of 2013-07-28 mancha entry. * lib/prototypes.h, lib/encrypt.c: Update splint marker, pw_encrypt can return NULL. * lib/encrypt.c: Fix outdated statement on GNU crypt. * src/chgpasswd.c: Improve diagnostic to user when pw_encrypt fails and use fail_exit() instead of exit(). * src/chpasswd.c: Likewise. * src/newusers.c: Likewise. * src/passwd.c: Likewise when new password is encrypted. * src/newgrp.c: Improve diagnostic to user and syslog when pw_encrypt fails. Do not apply 1s penalty as this is not an invalid password issue. * src/passwd.c: Likewise when password is checked.
2013-08-03 23:07:06 +02:00
parent ee1952424d
commit e8ab31d009
10 changed files with 129 additions and 60 deletions
--- a/lib/encrypt.c
+++ b/lib/encrypt.c
@@ -40,22 +40,22 @@
 #include "prototypes.h"
 #include "defines.h"

-/*@exposed@*/char *pw_encrypt (const char *clear, const char *salt)
+/*@exposed@*//*@null@*/char *pw_encrypt (const char *clear, const char *salt)
 {
 	static char cipher[128];
 	char *cp;

 	cp = crypt (clear, salt);
-	if (!cp) {
+	if (NULL == cp) {
 		/*
 		 * Single Unix Spec: crypt() may return a null pointer,
 		 * and set errno to indicate an error. In this case return
 		 * the NULL so the caller can handle appropriately.
 		 */
-		return cp;
+		return NULL;
 	}

-	/* The GNU crypt does not return NULL if the algorithm is not
+	/* Some crypt() do not return NULL if the algorithm is not
 	 * supported, and return a DES encrypted password. */
 	if ((NULL != salt) && (salt[0] == '$') && (strlen (cp) <= 13))
 	{
--- a/lib/prototypes.h
+++ b/lib/prototypes.h
@@ -124,7 +124,7 @@ extern int copy_tree (const char *src_root, const char *dst_root,
                      gid_t old_gid, gid_t new_gid);

 /* encrypt.c */
-extern /*@exposed@*/char *pw_encrypt (const char *, const char *);
+extern /*@exposed@*//*@null@*/char *pw_encrypt (const char *, const char *);

 /* entry.c */
 extern void pw_entry (const char *, struct passwd *);
--- a/lib/pwauth.c
+++ b/lib/pwauth.c
@@ -179,10 +179,11 @@ int pw_auth (const char *cipher,
 	 */

 	encrypted = pw_encrypt (input, cipher);
-	if (encrypted!=NULL)
+	if (NULL != encrypted) {
 		retval = strcmp (encrypted, cipher);
-	else
+	} else {
 		retval = -1;
+	}

 #ifdef  SKEY
 	/*