Denis Vlasenko spotted the lack of bounds checking in my first attempt at

[oweals/busybox.git] / libbb / correct_password.c

diff --git a/libbb/correct_password.c b/libbb/correct_password.c
index 570aa7e86fca02d7323da1b2903c1ccce54446b4..527b3100b5c0c2d878ea1465a48e356036b37beb 100644 (file)
--- a/libbb/correct_password.c
+++ b/libbb/correct_password.c
@@ -55,13 +55,13 @@ int correct_password ( const struct passwd *pw )
                struct spwd *sp = getspnam ( pw-> pw_name );
 
                if ( !sp )
-                       bb_error_msg_and_die ( "no valid shadow password" );
+                       bb_error_msg_and_die ( "\nno valid shadow password" );
 
                correct = sp-> sp_pwdp;
        }
        else
 #endif
-       correct = pw-> pw_passwd;
+               correct = pw-> pw_passwd;
 
        if ( correct == 0 || correct[0] == '\0' )
                return 1;
@@ -72,6 +72,6 @@ int correct_password ( const struct passwd *pw )
                return 0;
        }
        encrypted = crypt ( unencrypted, correct );
-       memset ( unencrypted, 0, bb_strlen ( unencrypted ));
+       memset ( unencrypted, 0, strlen ( unencrypted ));
        return ( strcmp ( encrypted, correct ) == 0 ) ? 1 : 0;
 }