From 318d31bc96dc81d8435a7ce3534b473099a41ca5 Mon Sep 17 00:00:00 2001
From: Mike Lowis
Date: Wed, 25 May 2016 15:31:57 -0400
Subject: [PATCH] Fixed a possible bug in password comparison logic
---
 source/login.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/source/login.c b/source/login.c
index 78a96c6b..5c052bbc 100644
--- a/source/login.c
+++ b/source/login.c
@@ -4,10 +4,11 @@
 @license BSD 2-clause License
 */
 #include "util.h"
+#include
 #include
 #include
+#include
 #include
-#include
 #define ENV_PATH "/bin"
@@ -46,7 +47,7 @@ static char* get_pass(void) {
 }
 static struct passwd* check_pass(const char* user, char* pass) {
- struct spwd* spw;
+ struct spwd* spw = NULL;
 /* get the passwd entry */
 struct passwd* pwentry = getpwnam(user);
 if (!pwentry || errno)
@@ -58,7 +59,7 @@ static struct passwd* check_pass(const char* user, char* pass) {
 }
 /* Handle blank pass or blank pass entry */
 if ((pwentry->pw_passwd[0] == '\0') || (pass[0] == '\0')) {
- warn("incorrect password\n");
+ warn("blank passwords are not allowed\n");
 return NULL;
 }
 /* Get the shadow entry */
@@ -66,16 +67,18 @@ static struct passwd* check_pass(const char* user, char* pass) {
 errno = 0;
 spw = getspnam(pwentry->pw_name);
 if (!spw || errno)
- die("could not retrieve shadow entry for %s", user);
+ die("could not retrieve shadow entry for %s: %s", pwentry->pw_name, errnostr());
 if (spw->sp_pwdp[0] == '!' || spw->sp_pwdp[0] == '*') {
 warn("access denied\n");
 return NULL;
 }
+ }
 /* Check the password */
- char* cryptpass = crypt(pass, spw->sp_pwdp);
- if (strcmp(cryptpass, spw->sp_pwdp) != 0) {
+ char* refpass = (spw ? spw->sp_pwdp : pwentry->pw_passwd);
+ char* cryptpass = crypt(pass, refpass);
+ if (strcmp(cryptpass, refpass) != 0) {
 warn("incorrect password");
 return NULL;
 }
--
2.49.0
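Review bot: The new `warn("blank passwords are not allowed\n")` in the second hunk fires when either the typed password or the account's `pw_passwd` field is empty, so a non-blank attempt against an account with an empty field gets a different message from a wrong password and discloses that account state. Keeping the user-facing text uniform, `warn("incorrect password\n");`, avoids that; if the distinction is wanted for administrators, it belongs in a log rather than in the reply. A short comment such as `/* same message as a failed compare: do not reveal account state */` would keep the intent from being undone later. The rest of check_pass lies outside this hunk, so how the unknown-user case is reported cannot be compared from here.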
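Review bot: crypt() can return NULL (for example when the stored string is not a salt or method the C library accepts), and the new `strcmp(cryptpass, refpass)` in the third hunk passes that result through unchecked, which is undefined behavior in the login path. Treat a NULL result as a failed comparison: `if (!cryptpass || strcmp(cryptpass, refpass) != 0) {`. This matters more with the new fallback to `pwentry->pw_passwd`, because the `!`/`*` lock check visible in this hunk is applied only to the shadow entry, so a lock marker stored in the passwd field would be handed to crypt() as the salt. check_pass begins and ends outside this hunk, so whether the fallback path is guarded elsewhere cannot be confirmed from the visible lines.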