1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
--- busybox-1.19.2/loginutils/chpasswd.c
+++ busybox-1.19.2-chpasswd/loginutils/chpasswd.c
@@ -33,9 +33,8 @@ static const char chpasswd_longopts[] AL
int chpasswd_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
int chpasswd_main(int argc UNUSED_PARAM, char **argv)
{
- char *name, *pass;
- char salt[sizeof("$N$XXXXXXXX")];
- int opt, rc;
+ char *name;
+ int opt;
if (getuid() != 0)
bb_error_msg_and_die(bb_msg_perm_denied_are_you_root);
@@ -45,6 +44,10 @@ int chpasswd_main(int argc UNUSED_PARAM,
opt = getopt32(argv, "em");
while ((name = xmalloc_fgetline(stdin)) != NULL) {
+ char *free_me;
+ char *pass;
+ int rc;
+
pass = strchr(name, ':');
if (!pass)
bb_error_msg_and_die("missing new password");
@@ -52,7 +55,10 @@ int chpasswd_main(int argc UNUSED_PARAM,
xuname2uid(name); /* dies if there is no such user */
+ free_me = NULL;
if (!(opt & OPT_ENC)) {
+ char salt[sizeof("$N$XXXXXXXX")];
+
crypt_make_salt(salt, 1);
if (opt & OPT_MD5) {
salt[0] = '$';
@@ -60,7 +66,7 @@ int chpasswd_main(int argc UNUSED_PARAM,
salt[2] = '$';
crypt_make_salt(salt + 3, 4);
}
- pass = pw_encrypt(pass, salt, 0);
+ free_me = pass = pw_encrypt(pass, salt, 0);
}
/* This is rather complex: if user is not found in /etc/shadow,
@@ -81,8 +87,7 @@ int chpasswd_main(int argc UNUSED_PARAM,
bb_info_msg("Password for '%s' changed", name);
logmode = LOGMODE_STDIO;
free(name);
- if (!(opt & OPT_ENC))
- free(pass);
+ free(free_me);
}
return EXIT_SUCCESS;
}
|
