mirror of
https://github.com/sheumann/hush.git
synced 2025-01-11 23:29:51 +00:00
chpasswd: fix possible free() or non-allocated string. +8 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
parent
7b46d11582
commit
d2fe2ba08d
@ -33,9 +33,8 @@ static const char chpasswd_longopts[] ALIGN1 =
|
|||||||
int chpasswd_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
|
int chpasswd_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
|
||||||
int chpasswd_main(int argc UNUSED_PARAM, char **argv)
|
int chpasswd_main(int argc UNUSED_PARAM, char **argv)
|
||||||
{
|
{
|
||||||
char *name, *pass;
|
char *name;
|
||||||
char salt[sizeof("$N$XXXXXXXX")];
|
int opt;
|
||||||
int opt, rc;
|
|
||||||
|
|
||||||
if (getuid() != 0)
|
if (getuid() != 0)
|
||||||
bb_error_msg_and_die(bb_msg_perm_denied_are_you_root);
|
bb_error_msg_and_die(bb_msg_perm_denied_are_you_root);
|
||||||
@ -45,6 +44,10 @@ int chpasswd_main(int argc UNUSED_PARAM, char **argv)
|
|||||||
opt = getopt32(argv, "em");
|
opt = getopt32(argv, "em");
|
||||||
|
|
||||||
while ((name = xmalloc_fgetline(stdin)) != NULL) {
|
while ((name = xmalloc_fgetline(stdin)) != NULL) {
|
||||||
|
char *free_me;
|
||||||
|
char *pass;
|
||||||
|
int rc;
|
||||||
|
|
||||||
pass = strchr(name, ':');
|
pass = strchr(name, ':');
|
||||||
if (!pass)
|
if (!pass)
|
||||||
bb_error_msg_and_die("missing new password");
|
bb_error_msg_and_die("missing new password");
|
||||||
@ -52,7 +55,10 @@ int chpasswd_main(int argc UNUSED_PARAM, char **argv)
|
|||||||
|
|
||||||
xuname2uid(name); /* dies if there is no such user */
|
xuname2uid(name); /* dies if there is no such user */
|
||||||
|
|
||||||
|
free_me = NULL;
|
||||||
if (!(opt & OPT_ENC)) {
|
if (!(opt & OPT_ENC)) {
|
||||||
|
char salt[sizeof("$N$XXXXXXXX")];
|
||||||
|
|
||||||
crypt_make_salt(salt, 1);
|
crypt_make_salt(salt, 1);
|
||||||
if (opt & OPT_MD5) {
|
if (opt & OPT_MD5) {
|
||||||
salt[0] = '$';
|
salt[0] = '$';
|
||||||
@ -60,7 +66,7 @@ int chpasswd_main(int argc UNUSED_PARAM, char **argv)
|
|||||||
salt[2] = '$';
|
salt[2] = '$';
|
||||||
crypt_make_salt(salt + 3, 4);
|
crypt_make_salt(salt + 3, 4);
|
||||||
}
|
}
|
||||||
pass = pw_encrypt(pass, salt, 0);
|
free_me = pass = pw_encrypt(pass, salt, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* This is rather complex: if user is not found in /etc/shadow,
|
/* This is rather complex: if user is not found in /etc/shadow,
|
||||||
@ -81,8 +87,7 @@ int chpasswd_main(int argc UNUSED_PARAM, char **argv)
|
|||||||
bb_info_msg("Password for '%s' changed", name);
|
bb_info_msg("Password for '%s' changed", name);
|
||||||
logmode = LOGMODE_STDIO;
|
logmode = LOGMODE_STDIO;
|
||||||
free(name);
|
free(name);
|
||||||
if (!(opt & OPT_ENC))
|
free(free_me);
|
||||||
free(pass);
|
|
||||||
}
|
}
|
||||||
return EXIT_SUCCESS;
|
return EXIT_SUCCESS;
|
||||||
}
|
}
|
||||||
|
Loading…
x
Reference in New Issue
Block a user