1 files changed, 16 insertions, 11 deletions
diff --git a/libbb/correct_password.c b/libbb/correct_password.c
index d031b2109..c515b26af 100644
--- a/libbb/correct_password.c
+++ b/libbb/correct_password.c
@@ -37,19 +37,24 @@
 int correct_password(const struct passwd *pw)
 {
-        char *unencrypted, *encrypted, *correct;
+        char *unencrypted, *encrypted;
+        const char *correct;
+#if ENABLE_FEATURE_SHADOWPASSWDS
+        /* Using _r function to avoid pulling in static buffers */
+        struct spwd spw;
+        struct spwd *result;
+        char buffer[256];
+#endif
-#ifdef CONFIG_FEATURE_SHADOWPASSWDS
+        correct = pw->pw_passwd;
+#if ENABLE_FEATURE_SHADOWPASSWDS
        if (LONE_CHAR(pw->pw_passwd, 'x') || LONE_CHAR(pw->pw_passwd, '*')) {
-                struct spwd *sp = getspnam(pw->pw_name);
+                if (getspnam_r(pw->pw_name, &spw, buffer, sizeof(buffer), &result))
+                        bb_error_msg("no valid shadow password, checking ordinary one");
-                if (!sp)
+                else
-                        bb_error_msg_and_die("no valid shadow password");
+                        correct = spw.sp_pwdp;
+        }
-                correct = sp->sp_pwdp;
-        } else
 #endif
-                correct = pw->pw_passwd;
        if (!correct || correct[0] == '\0')
                return 1;
@@ -60,5 +65,5 @@ int correct_password(const struct passwd *pw)
        }
        encrypted = crypt(unencrypted, correct);
        memset(unencrypted, 0, strlen(unencrypted));
-        return (!strcmp(encrypted, correct)) ? 1 : 0;
+        return strcmp(encrypted, correct) == 0;
 }

diff --git a/libbb/correct_password.c b/libbb/correct_password.c index d031b2109..c515b26af 100644 --- a/libbb/correct_password.c +++ b/libbb/correct_password.c
@@ -37,19 +37,24 @@
37		37
38	int correct_password(const struct passwd *pw)	38	int correct_password(const struct passwd *pw)
39	{	39	{
40	char unencrypted, encrypted, *correct;	40	char unencrypted, encrypted;
		41	const char *correct;
		42	#if ENABLE_FEATURE_SHADOWPASSWDS
		43	/* Using _r function to avoid pulling in static buffers */
		44	struct spwd spw;
		45	struct spwd *result;
		46	char buffer[256];
		47	#endif
41		48
42	#ifdef CONFIG_FEATURE_SHADOWPASSWDS	49	correct = pw->pw_passwd;
		50	#if ENABLE_FEATURE_SHADOWPASSWDS
43	if (LONE_CHAR(pw->pw_passwd, 'x') \|\| LONE_CHAR(pw->pw_passwd, '*')) {	51	if (LONE_CHAR(pw->pw_passwd, 'x') \|\| LONE_CHAR(pw->pw_passwd, '*')) {
44	struct spwd *sp = getspnam(pw->pw_name);	52	if (getspnam_r(pw->pw_name, &spw, buffer, sizeof(buffer), &result))
45		53	bb_error_msg("no valid shadow password, checking ordinary one");
46	if (!sp)	54	else
47	bb_error_msg_and_die("no valid shadow password");	55	correct = spw.sp_pwdp;
48		56	}
49	correct = sp->sp_pwdp;
50	} else
51	#endif	57	#endif
52	correct = pw->pw_passwd;
53		58
54	if (!correct \|\| correct[0] == '\0')	59	if (!correct \|\| correct[0] == '\0')
55	return 1;	60	return 1;
@@ -60,5 +65,5 @@ int correct_password(const struct passwd *pw)
60	}	65	}
61	encrypted = crypt(unencrypted, correct);	66	encrypted = crypt(unencrypted, correct);
62	memset(unencrypted, 0, strlen(unencrypted));	67	memset(unencrypted, 0, strlen(unencrypted));
63	return (!strcmp(encrypted, correct)) ? 1 : 0;	68	return strcmp(encrypted, correct) == 0;
64	}	69	}