diff options
author | Denys Vlasenko <vda.linux@googlemail.com> | 2011-09-11 12:25:59 +0200 |
---|---|---|
committer | Denys Vlasenko <vda.linux@googlemail.com> | 2011-09-11 12:25:59 +0200 |
commit | d2fe2ba08dd84cd7e94d1ae3e2e9c12ca2b4d561 (patch) | |
tree | a7daa0a4c9c16e38465598c2c9b039061c65cd60 /loginutils/chpasswd.c | |
parent | 7b46d11582047d0dd21b547ff4a913defe646d40 (diff) |
chpasswd: fix possible free() or non-allocated string. +8 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'loginutils/chpasswd.c')
-rw-r--r-- | loginutils/chpasswd.c | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/loginutils/chpasswd.c b/loginutils/chpasswd.c index 2262b792a..b7df57e5d 100644 --- a/loginutils/chpasswd.c +++ b/loginutils/chpasswd.c @@ -33,9 +33,8 @@ static const char chpasswd_longopts[] ALIGN1 = int chpasswd_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; int chpasswd_main(int argc UNUSED_PARAM, char **argv) { - char *name, *pass; - char salt[sizeof("$N$XXXXXXXX")]; - int opt, rc; + char *name; + int opt; if (getuid() != 0) bb_error_msg_and_die(bb_msg_perm_denied_are_you_root); @@ -45,6 +44,10 @@ int chpasswd_main(int argc UNUSED_PARAM, char **argv) opt = getopt32(argv, "em"); while ((name = xmalloc_fgetline(stdin)) != NULL) { + char *free_me; + char *pass; + int rc; + pass = strchr(name, ':'); if (!pass) bb_error_msg_and_die("missing new password"); @@ -52,7 +55,10 @@ int chpasswd_main(int argc UNUSED_PARAM, char **argv) xuname2uid(name); /* dies if there is no such user */ + free_me = NULL; if (!(opt & OPT_ENC)) { + char salt[sizeof("$N$XXXXXXXX")]; + crypt_make_salt(salt, 1); if (opt & OPT_MD5) { salt[0] = '$'; @@ -60,7 +66,7 @@ int chpasswd_main(int argc UNUSED_PARAM, char **argv) salt[2] = '$'; crypt_make_salt(salt + 3, 4); } - pass = pw_encrypt(pass, salt, 0); + free_me = pass = pw_encrypt(pass, salt, 0); } /* This is rather complex: if user is not found in /etc/shadow, @@ -81,8 +87,7 @@ int chpasswd_main(int argc UNUSED_PARAM, char **argv) bb_info_msg("Password for '%s' changed", name); logmode = LOGMODE_STDIO; free(name); - if (!(opt & OPT_ENC)) - free(pass); + free(free_me); } return EXIT_SUCCESS; } |