From: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
Date: Fri, 19 May 2006 10:13:09 +0000 (-0000)
Subject: - passwd doesnt use salt with md5 passwords; bug #604 thanks taviso
X-Git-Tag: 1_1_3~7
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=cc8e90d1fbaad77ba6748635792aad7121c212bb;p=oweals%2Fbusybox.git

- passwd doesnt use salt with md5 passwords; bug #604 thanks taviso
  (r14930 from trunk)
---

diff --git a/loginutils/passwd.c b/loginutils/passwd.c
index 611ced3a4..a1ad02bf0 100644
--- a/loginutils/passwd.c
+++ b/loginutils/passwd.c
@@ -322,6 +322,7 @@ static int new_password(const struct passwd *pw, int amroot, int algo)
 	char *clear;
 	char *cipher;
 	char *cp;
+	char salt[12]; /* "$N$XXXXXXXX" or "XX" */
 	char orig[200];
 	char pass[200];
 
@@ -376,11 +377,18 @@ static int new_password(const struct passwd *pw, int amroot, int algo)
 	}
 	memset(cp, 0, strlen(cp));
 	memset(orig, 0, sizeof(orig));
+	memset(salt, 0, sizeof(salt));
 
 	if (algo == 1) {
-		cp = pw_encrypt(pass, "$1$");
-	} else
-		cp = pw_encrypt(pass, crypt_make_salt());
+		strcpy(salt, "$1$");
+		strcat(salt, crypt_make_salt());
+		strcat(salt, crypt_make_salt());
+		strcat(salt, crypt_make_salt());
+	}
+
+	strcat(salt, crypt_make_salt());
+	cp = pw_encrypt(pass, salt);
+
 	memset(pass, 0, sizeof pass);
 	safe_strncpy(crypt_passwd, cp, sizeof(crypt_passwd));
 	return 0;