diff options
| author | Ned Ludd <solar@gentoo.org> | 2006-04-21 00:40:35 +0000 |
|---|---|---|
| committer | Ned Ludd <solar@gentoo.org> | 2006-04-21 00:40:35 +0000 |
| commit | 791976490b7c8838ccd847e30e9348c2c72b5e88 (patch) | |
| tree | 2e5824ed9a7c1174687cfe764a2a73528d97c168 /loginutils | |
| parent | f162183527874d0027af008dd14a6b21615d27de (diff) | |
| download | busybox-791976490b7c8838ccd847e30e9348c2c72b5e88.tar.gz | |
- passwd doesnt use salt with md5 passwords; bug #604 thanks taviso
Diffstat (limited to 'loginutils')
| -rw-r--r-- | loginutils/passwd.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/loginutils/passwd.c b/loginutils/passwd.c index 611ced3a4..a1ad02bf0 100644 --- a/loginutils/passwd.c +++ b/loginutils/passwd.c @@ -322,6 +322,7 @@ static int new_password(const struct passwd *pw, int amroot, int algo) char *clear; char *cipher; char *cp; + char salt[12]; /* "$N$XXXXXXXX" or "XX" */ char orig[200]; char pass[200]; @@ -376,11 +377,18 @@ static int new_password(const struct passwd *pw, int amroot, int algo) } memset(cp, 0, strlen(cp)); memset(orig, 0, sizeof(orig)); + memset(salt, 0, sizeof(salt)); if (algo == 1) { - cp = pw_encrypt(pass, "$1$"); - } else - cp = pw_encrypt(pass, crypt_make_salt()); + strcpy(salt, "$1$"); + strcat(salt, crypt_make_salt()); + strcat(salt, crypt_make_salt()); + strcat(salt, crypt_make_salt()); + } + + strcat(salt, crypt_make_salt()); + cp = pw_encrypt(pass, salt); + memset(pass, 0, sizeof pass); safe_strncpy(crypt_passwd, cp, sizeof(crypt_passwd)); return 0; |