From 15ca51e3e2a31efc275b616106244d8ec3f8f773 Mon Sep 17 00:00:00 2001
From: Denis Vlasenko <vda.linux@googlemail.com>
Date: Mon, 29 Oct 2007 19:25:45 +0000
Subject: appletlib.c: make it actally follow _BB_SUID_ALWAYS rules adduser:
 implement -S and code shrink / fix uid selection *: sanitize getspnam_r use

   text    data     bss     dec     hex filename
 777042     974    9676  787692   c04ec busybox_old
 776883     974    9676  787533   c044d busybox_unstripped
---
 libbb/correct_password.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

(limited to 'libbb/correct_password.c')

diff --git a/libbb/correct_password.c b/libbb/correct_password.c
index f1793cd17..96bb10e0b 100644
--- a/libbb/correct_password.c
+++ b/libbb/correct_password.c
@@ -40,6 +40,11 @@ int correct_password(const struct passwd *pw)
 {
 	char *unencrypted, *encrypted;
 	const char *correct;
+#if ENABLE_FEATURE_SHADOWPASSWDS
+	/* Using _r function to avoid pulling in static buffers */
+	struct spwd spw;
+	char buffer[256];
+#endif
 
 	/* fake salt. crypt() can choke otherwise. */
 	correct = "aa";
@@ -50,11 +55,11 @@ int correct_password(const struct passwd *pw)
 	correct = pw->pw_passwd;
 #if ENABLE_FEATURE_SHADOWPASSWDS
 	if ((correct[0] == 'x' || correct[0] == '*') && !correct[1]) {
-		/* Using _r function to avoid pulling in static buffers */
-		struct spwd spw;
-		struct spwd *result;
-		char buffer[256];
-		correct = (getspnam_r(pw->pw_name, &spw, buffer, sizeof(buffer), &result)) ? "aa" : spw.sp_pwdp;
+		/* getspnam_r may return 0 yet set result to NULL.
+		 * At least glibc 2.4 does this. Be extra paranoid here. */
+		struct spwd *result = NULL;
+		int r = getspnam_r(pw->pw_name, &spw, buffer, sizeof(buffer), &result);
+		correct = (r || !result) ? "aa" : result->sp_pwdp;
 	}
 #endif
 
-- 
cgit v1.2.3