commit: 84edf5725688c180bc0e34e8139612afc34d1dc9
parent 9e8650e1afec88b181a5c71e2b3b3492ba9b803d
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date: Sun, 14 Mar 2021 19:23:51 +0100
sys-apps/shadow: Treat empty password field as invalid
Diffstat:
1 file changed, 32 insertions(+), 0 deletions(-)
diff --git a/patches/sys-apps/shadow/empty-passwd-assert.patch b/patches/sys-apps/shadow/empty-passwd-assert.patch
@@ -0,0 +1,32 @@
+From 1b1df50a8fb020e33b1dd2d3a6a7605a09a2a2be Mon Sep 17 00:00:00 2001
+From: "Haelwenn (lanodan) Monnier" <contact@hacktivis.me>
+Date: Sun, 14 Mar 2021 19:13:13 +0100
+Subject: [PATCH] su: Treat an empty passwd field as invalid
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Otherwise it's treated like the “require no password” clause while it probably
+should be treated like a normal su that can't validate anyway.
+
+A similar change should be done for USE_PAM.
+---
+ src/su.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/su.c b/src/su.c
+index cea3f155..b064d71b 100644
+--- a/src/su.c
++++ b/src/su.c
+@@ -501,6 +501,11 @@ static void check_perms_nopam (const struct passwd *pw)
+ /*@observer@*/const char *password = pw->pw_passwd;
+ RETSIGTYPE (*oldsig) (int);
+
++ if (strcmp (pw->pw_passwd, "") == 0) {
++ fprintf(stderr, _("Password field is empty, this is invalid.\n"));
++ exit(1);
++ }
++
+ if (caller_is_root) {
+ return;
+ }
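Review bot: The added guard tests only `pw->pw_passwd`, so it may miss the case that matters on shadow-enabled systems: there the passwd field is normally a placeholder and the real hash is the shadow entry's `sp_pwdp`, and if check_perms_nopam substitutes that value further down (its body continues outside this hunk) an empty shadow hash would still be accepted as "no password required". Consider repeating the test on the resolved hash right after the shadow lookup and before any access-rule override of `password`. The guard also sits above `if (caller_is_root) { return; }`, so root is now refused as well; if that is intended, record it in a comment such as `/* An empty hash is rejected for every caller, including root. */`. For consistency with the surrounding calls the new line would read `fprintf (stderr, ...)`, and a syslog entry for the refusal would help operators find accounts left in this state.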