- passwd doesnt use salt with md5 passwords; bug #604 thanks taviso

author Ned Ludd <solar@gentoo.org>

Fri, 21 Apr 2006 00:40:35 +0000 (00:40 -0000)

committer Ned Ludd <solar@gentoo.org>

Fri, 21 Apr 2006 00:40:35 +0000 (00:40 -0000)
author Ned Ludd <solar@gentoo.org>
Fri, 21 Apr 2006 00:40:35 +0000 (00:40 -0000)
committer Ned Ludd <solar@gentoo.org>
Fri, 21 Apr 2006 00:40:35 +0000 (00:40 -0000)
diff --git a/loginutils/passwd.c b/loginutils/passwd.c

index 611ced3a4f2e33ab262da76852599436675b152b..a1ad02bf084bf9e29ecfa1dbf57486e3e193d43c 100644 (file)
--- a/loginutils/passwd.c
+++ b/loginutils/passwd.c
@@ -322,6 +322,7 @@ static int new_password(const struct passwd *pw, int amroot, int algo)
         char *clear;
         char *cipher;
         char *cp;
+       char salt[12]; /* "$N$XXXXXXXX" or "XX" */
         char orig[200];
         char pass[200];
  
@@ -376,11 +377,18 @@ static int new_password(const struct passwd *pw, int amroot, int algo)
         }
         memset(cp, 0, strlen(cp));
         memset(orig, 0, sizeof(orig));
+       memset(salt, 0, sizeof(salt));
  
         if (algo == 1) {
-               cp = pw_encrypt(pass, "$1$");
-       } else
-               cp = pw_encrypt(pass, crypt_make_salt());
+               strcpy(salt, "$1$");
+               strcat(salt, crypt_make_salt());
+               strcat(salt, crypt_make_salt());
+               strcat(salt, crypt_make_salt());
+       }
+
+       strcat(salt, crypt_make_salt());
+       cp = pw_encrypt(pass, salt);
+
         memset(pass, 0, sizeof pass);
         safe_strncpy(crypt_passwd, cp, sizeof(crypt_passwd));
         return 0;
author	Ned Ludd <solar@gentoo.org>
	Fri, 21 Apr 2006 00:40:35 +0000 (00:40 -0000)
committer	Ned Ludd <solar@gentoo.org>
	Fri, 21 Apr 2006 00:40:35 +0000 (00:40 -0000)