From 12a432715f066cf9d677316a39c9e0ebc6d72404 Mon Sep 17 00:00:00 2001 From: Denys Vlasenko Date: Fri, 13 May 2011 03:19:01 +0200 Subject: adduser: safe username passing to passwd/addgroup passwd: support creating SHA passwords random code shrink function old new delta crypt_make_pw_salt - 87 +87 adduser_main 883 904 +21 ... crypt_make_salt 99 89 -10 chpasswd_main 329 312 -17 packed_usage 28731 28691 -40 passwd_main 1070 1000 -70 cryptpw_main 310 224 -86 ------------------------------------------------------------------------------ (add/remove: 1/0 grow/shrink: 4/12 up/down: 154/-288) Total: -134 bytes Signed-off-by: Denys Vlasenko --- loginutils/adduser.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) (limited to 'loginutils/adduser.c') diff --git a/loginutils/adduser.c b/loginutils/adduser.c index 1944d9d56..a05b72158 100644 --- a/loginutils/adduser.c +++ b/loginutils/adduser.c @@ -82,21 +82,23 @@ static void passwd_study(struct passwd *p) static void addgroup_wrapper(struct passwd *p, const char *group_name) { - char *argv[5]; + char *argv[6]; argv[0] = (char*)"addgroup"; if (group_name) { /* Add user to existing group */ - argv[1] = p->pw_name; - argv[2] = (char*)group_name; - argv[3] = NULL; + argv[1] = (char*)"--"; + argv[2] = p->pw_name; + argv[3] = (char*)group_name; + argv[4] = NULL; } else { /* Add user to his own group with the first free gid found in passwd_study */ //TODO: to be compatible with external addgroup programs we should use --gid instead... argv[1] = (char*)"-g"; argv[2] = utoa(p->pw_gid); - argv[3] = p->pw_name; - argv[4] = NULL; + argv[3] = (char*)"--"; + argv[4] = p->pw_name; + argv[5] = NULL; } spawn_and_wait(argv); @@ -106,7 +108,7 @@ static void passwd_wrapper(const char *login_name) NORETURN; static void passwd_wrapper(const char *login_name) { - BB_EXECLP("passwd", "passwd", login_name, NULL); + BB_EXECLP("passwd", "passwd", "--", login_name, NULL); bb_error_msg_and_die("can't execute passwd, you must set password manually"); } -- cgit v1.2.3