39 lines
1.2 KiB
Diff
39 lines
1.2 KiB
Diff
From 6cbce81df97a16363c46cbd1e8202c3b4f0a2205 Mon Sep 17 00:00:00 2001
|
|
From: Tobias Stoeckmann <tobias@stoeckmann.org>
|
|
Date: Sun, 19 Jan 2025 21:23:54 +0100
|
|
Subject: [PATCH] lib/encrypt.c: Do not exit in error case
|
|
|
|
If crypt fails, pw_encrypt calls exit. This has the consequence that the
|
|
plaintext password is not cleared.
|
|
|
|
A valid password can fail if the underlying library does not support it.
|
|
One such example is SHA512, for which the password must not be longer
|
|
than 256 characters on musl. A password longer than this with glibc
|
|
works, so it is actually possible that a user, running passwd, tries to
|
|
enter the old password but the musl-based passwd binary simply exits.
|
|
Let passwd clear the password before exiting.
|
|
|
|
Reviewed-by: Alejandro Colomar <alx@kernel.org>
|
|
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
|
---
|
|
lib/encrypt.c | 3 ++-
|
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/lib/encrypt.c b/lib/encrypt.c
|
|
index c84a2552..9c1cb406 100644
|
|
--- a/lib/encrypt.c
|
|
+++ b/lib/encrypt.c
|
|
@@ -65,7 +65,8 @@
|
|
(void) fprintf (shadow_logfd,
|
|
_("crypt method not supported by libcrypt? (%s)\n"),
|
|
method);
|
|
- exit (EXIT_FAILURE);
|
|
+ errno = EINVAL;
|
|
+ return NULL;
|
|
}
|
|
|
|
if (strlen (cp) != 13) {
|
|
--
|
|
2.33.0
|
|
|