chpasswd: fix possible free() or non-allocated string. +8 bytes
authorDenys Vlasenko <vda.linux@googlemail.com>
Sun, 11 Sep 2011 10:25:59 +0000 (12:25 +0200)
committerDenys Vlasenko <vda.linux@googlemail.com>
Sun, 11 Sep 2011 10:25:59 +0000 (12:25 +0200)
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
loginutils/chpasswd.c

index 2262b792a34b12ee1e6cf7d74b9da8044a4334d9..b7df57e5d461313e52f510750167b31f6dbffec2 100644 (file)
@@ -33,9 +33,8 @@ static const char chpasswd_longopts[] ALIGN1 =
 int chpasswd_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
 int chpasswd_main(int argc UNUSED_PARAM, char **argv)
 {
-       char *name, *pass;
-       char salt[sizeof("$N$XXXXXXXX")];
-       int opt, rc;
+       char *name;
+       int opt;
 
        if (getuid() != 0)
                bb_error_msg_and_die(bb_msg_perm_denied_are_you_root);
@@ -45,6 +44,10 @@ int chpasswd_main(int argc UNUSED_PARAM, char **argv)
        opt = getopt32(argv, "em");
 
        while ((name = xmalloc_fgetline(stdin)) != NULL) {
+               char *free_me;
+               char *pass;
+               int rc;
+
                pass = strchr(name, ':');
                if (!pass)
                        bb_error_msg_and_die("missing new password");
@@ -52,7 +55,10 @@ int chpasswd_main(int argc UNUSED_PARAM, char **argv)
 
                xuname2uid(name); /* dies if there is no such user */
 
+               free_me = NULL;
                if (!(opt & OPT_ENC)) {
+                       char salt[sizeof("$N$XXXXXXXX")];
+
                        crypt_make_salt(salt, 1);
                        if (opt & OPT_MD5) {
                                salt[0] = '$';
@@ -60,7 +66,7 @@ int chpasswd_main(int argc UNUSED_PARAM, char **argv)
                                salt[2] = '$';
                                crypt_make_salt(salt + 3, 4);
                        }
-                       pass = pw_encrypt(pass, salt, 0);
+                       free_me = pass = pw_encrypt(pass, salt, 0);
                }
 
                /* This is rather complex: if user is not found in /etc/shadow,
@@ -81,8 +87,7 @@ int chpasswd_main(int argc UNUSED_PARAM, char **argv)
                        bb_info_msg("Password for '%s' changed", name);
                logmode = LOGMODE_STDIO;
                free(name);
-               if (!(opt & OPT_ENC))
-                       free(pass);
+               free(free_me);
        }
        return EXIT_SUCCESS;
 }