make pw_encrypt() return malloc'ed string.

   text    data     bss     dec     hex filename
 759802     604    6684  767090   bb472 busybox_old
 759804     604    6676  767084   bb46c busybox_unstripped

2 files changed, 7 insertions, 5 deletions

diff --git a/libbb/correct_password.c b/libbb/correct_password.c
index a4ded8b5f..f0b9384ea 100644
--- a/libbb/correct_password.c
+++ b/libbb/correct_password.c
@@ -40,6 +40,7 @@ int correct_password(const struct passwd *pw)
 {
         char *unencrypted, *encrypted;
         const char *correct;
+        int r;
 #if ENABLE_FEATURE_SHADOWPASSWDS
         /* Using _r function to avoid pulling in static buffers */
         struct spwd spw;
@@ -72,6 +73,8 @@ int correct_password(const struct passwd *pw)
                 return 0;
         }
         encrypted = pw_encrypt(unencrypted, correct, 1);
+        r = (strcmp(encrypted, correct) == 0);
+        free(encrypted);
         memset(unencrypted, 0, strlen(unencrypted));
-        return strcmp(encrypted, correct) == 0;
+        return r;
 }
diff --git a/libbb/pw_encrypt.c b/libbb/pw_encrypt.c
index d439fc3b4..762cbab27 100644
--- a/libbb/pw_encrypt.c
+++ b/libbb/pw_encrypt.c
@@ -54,7 +54,7 @@ static void my_crypt_cleanup(void)
 
 char *pw_encrypt(const char *clear, const char *salt, int cleanup)
 {
-        static char *cipher;
+        char *encrypted;
 
 #if 0 /* was CONFIG_FEATURE_SHA1_PASSWORDS, but there is no such thing??? */
         if (strncmp(salt, "$2$", 3) == 0) {
@@ -62,11 +62,10 @@ char *pw_encrypt(const char *clear, const char *salt, int cleanup)
         }
 #endif
 
-        free(cipher);
-        cipher = my_crypt(clear, salt);
+        encrypted = my_crypt(clear, salt);
 
         if (cleanup)
                 my_crypt_cleanup();
 
-        return cipher;
+        return encrypted;
 }