From 18bca575107d80ca81241d1429ded62918c5bd2e Mon Sep 17 00:00:00 2001 From: Rich Felker Date: Wed, 20 Apr 2011 19:05:59 -0400 Subject: [PATCH] shadow password fixes: empty fields should read as -1 not 0 --- src/passwd/getspnam_r.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/src/passwd/getspnam_r.c b/src/passwd/getspnam_r.c index d21ca810..9e29aa9c 100644 --- a/src/passwd/getspnam_r.c +++ b/src/passwd/getspnam_r.c @@ -1,6 +1,7 @@ #include #include #include +#include #include "pwf.h" /* This implementation support Openwall-style TCB passwords in place of @@ -10,6 +11,11 @@ * file. It also avoids any allocation to prevent memory-exhaustion * attacks via huge TCB shadow files. */ +static long xatol(const char *s) +{ + return isdigit(*s) ? atol(s) : -1; +} + int getspnam_r(const char *name, struct spwd *sp, char *buf, size_t size, struct spwd **res) { char path[20+NAME_MAX]; @@ -64,25 +70,25 @@ int getspnam_r(const char *name, struct spwd *sp, char *buf, size_t size, struct *s++ = 0; sp->sp_pwdp = s; if (!(s = strchr(s, ':'))) continue; - *s++ = 0; sp->sp_lstchg = atol(s); + *s++ = 0; sp->sp_lstchg = xatol(s); if (!(s = strchr(s, ':'))) continue; - *s++ = 0; sp->sp_min = atol(s); + *s++ = 0; sp->sp_min = xatol(s); if (!(s = strchr(s, ':'))) continue; - *s++ = 0; sp->sp_max = atol(s); + *s++ = 0; sp->sp_max = xatol(s); if (!(s = strchr(s, ':'))) continue; - *s++ = 0; sp->sp_warn = atol(s); + *s++ = 0; sp->sp_warn = xatol(s); if (!(s = strchr(s, ':'))) continue; - *s++ = 0; sp->sp_inact = atol(s); + *s++ = 0; sp->sp_inact = xatol(s); if (!(s = strchr(s, ':'))) continue; - *s++ = 0; sp->sp_expire = atol(s); + *s++ = 0; sp->sp_expire = xatol(s); if (!(s = strchr(s, ':'))) continue; - *s++ = 0; sp->sp_flag = atol(s); + *s++ = 0; sp->sp_flag = xatol(s); *res = sp; break; } -- 2.25.1