aboutsummaryrefslogtreecommitdiff
path: root/loginutils
diff options
context:
space:
mode:
authorNed Ludd <solar@gentoo.org>2006-04-21 00:40:35 +0000
committerNed Ludd <solar@gentoo.org>2006-04-21 00:40:35 +0000
commit791976490b7c8838ccd847e30e9348c2c72b5e88 (patch)
tree2e5824ed9a7c1174687cfe764a2a73528d97c168 /loginutils
parentf162183527874d0027af008dd14a6b21615d27de (diff)
downloadbusybox-791976490b7c8838ccd847e30e9348c2c72b5e88.tar.gz
- passwd doesnt use salt with md5 passwords; bug #604 thanks taviso
Diffstat (limited to 'loginutils')
-rw-r--r--loginutils/passwd.c14
1 files changed, 11 insertions, 3 deletions
diff --git a/loginutils/passwd.c b/loginutils/passwd.c
index 611ced3a4..a1ad02bf0 100644
--- a/loginutils/passwd.c
+++ b/loginutils/passwd.c
@@ -322,6 +322,7 @@ static int new_password(const struct passwd *pw, int amroot, int algo)
char *clear;
char *cipher;
char *cp;
+ char salt[12]; /* "$N$XXXXXXXX" or "XX" */
char orig[200];
char pass[200];
@@ -376,11 +377,18 @@ static int new_password(const struct passwd *pw, int amroot, int algo)
}
memset(cp, 0, strlen(cp));
memset(orig, 0, sizeof(orig));
+ memset(salt, 0, sizeof(salt));
if (algo == 1) {
- cp = pw_encrypt(pass, "$1$");
- } else
- cp = pw_encrypt(pass, crypt_make_salt());
+ strcpy(salt, "$1$");
+ strcat(salt, crypt_make_salt());
+ strcat(salt, crypt_make_salt());
+ strcat(salt, crypt_make_salt());
+ }
+
+ strcat(salt, crypt_make_salt());
+ cp = pw_encrypt(pass, salt);
+
memset(pass, 0, sizeof pass);
safe_strncpy(crypt_passwd, cp, sizeof(crypt_passwd));
return 0;