summaryrefslogtreecommitdiff
path: root/package/busybox/patches/000-upstream-chpasswd.patch
diff options
context:
space:
mode:
Diffstat (limited to 'package/busybox/patches/000-upstream-chpasswd.patch')
-rw-r--r--package/busybox/patches/000-upstream-chpasswd.patch55
1 files changed, 55 insertions, 0 deletions
diff --git a/package/busybox/patches/000-upstream-chpasswd.patch b/package/busybox/patches/000-upstream-chpasswd.patch
new file mode 100644
index 0000000000..75b0c4ddde
--- /dev/null
+++ b/package/busybox/patches/000-upstream-chpasswd.patch
@@ -0,0 +1,55 @@
+--- a/loginutils/chpasswd.c
++++ b/loginutils/chpasswd.c
+@@ -33,9 +33,8 @@ static const char chpasswd_longopts[] AL
+ int chpasswd_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
+ int chpasswd_main(int argc UNUSED_PARAM, char **argv)
+ {
+- char *name, *pass;
+- char salt[sizeof("$N$XXXXXXXX")];
+- int opt, rc;
++ char *name;
++ int opt;
+
+ if (getuid() != 0)
+ bb_error_msg_and_die(bb_msg_perm_denied_are_you_root);
+@@ -45,6 +44,10 @@ int chpasswd_main(int argc UNUSED_PARAM,
+ opt = getopt32(argv, "em");
+
+ while ((name = xmalloc_fgetline(stdin)) != NULL) {
++ char *free_me;
++ char *pass;
++ int rc;
++
+ pass = strchr(name, ':');
+ if (!pass)
+ bb_error_msg_and_die("missing new password");
+@@ -52,7 +55,10 @@ int chpasswd_main(int argc UNUSED_PARAM,
+
+ xuname2uid(name); /* dies if there is no such user */
+
++ free_me = NULL;
+ if (!(opt & OPT_ENC)) {
++ char salt[sizeof("$N$XXXXXXXX")];
++
+ crypt_make_salt(salt, 1);
+ if (opt & OPT_MD5) {
+ salt[0] = '$';
+@@ -60,7 +66,7 @@ int chpasswd_main(int argc UNUSED_PARAM,
+ salt[2] = '$';
+ crypt_make_salt(salt + 3, 4);
+ }
+- pass = pw_encrypt(pass, salt, 0);
++ free_me = pass = pw_encrypt(pass, salt, 0);
+ }
+
+ /* This is rather complex: if user is not found in /etc/shadow,
+@@ -81,8 +87,7 @@ int chpasswd_main(int argc UNUSED_PARAM,
+ bb_info_msg("Password for '%s' changed", name);
+ logmode = LOGMODE_STDIO;
+ free(name);
+- if (!(opt & OPT_ENC))
+- free(pass);
++ free(free_me);
+ }
+ return EXIT_SUCCESS;
+ }