0001-login-su-Treat-an-empty-passwd-field-as-invalid.patch (1449B)
- From 999a428a064222c4fba980baa3b061d39e23ed75 Mon Sep 17 00:00:00 2001
- From: "Haelwenn (lanodan) Monnier" <contact@hacktivis.me>
- Date: Sun, 14 Mar 2021 19:13:13 +0100
- Subject: [PATCH 1/2] login & su: Treat an empty passwd field as invalid
- MIME-Version: 1.0
- Content-Type: text/plain; charset=UTF-8
- Content-Transfer-Encoding: 8bit
- Otherwise it's treated like the “require no password” clause while it probably
- should be treated like a normal su that can't validate anyway.
- A similar change should be done for USE_PAM.
- ---
- src/login.c | 4 ++++
- src/su.c | 5 +++++
- 2 files changed, 9 insertions(+)
- diff --git a/src/login.c b/src/login.c
- index 00508cd5..0c0b5c86 100644
- --- a/src/login.c
- +++ b/src/login.c
- @@ -978,6 +978,10 @@ int main (int argc, char **argv)
- || ('*' == user_passwd[0])) {
- failed = true;
- }
- + /* Treat empty password field as invalid */
- + if (strcmp (user_passwd, "") == 0) {
- + failed = true;
- + }
- }
- if (strcmp (user_passwd, SHADOW_PASSWD_STRING) == 0) {
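Review bot: An empty shadow password field may still get through, because the added test inspects `user_passwd` before the `SHADOW_PASSWD_STRING` comparison on the following line. If that branch replaces `user_passwd` with the shadow entry (its body is outside this hunk, so this is inferred), the empty-field rule only covers the passwd entry. Consider running the test after the shadow lookup as well, for example `if ('\0' == user_passwd[0]) { failed = true; }`. The `pw->pw_passwd` test added to `check_perms_nopam` in src/su.c raises the same question if that function also consults the shadow entry later.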
- diff --git a/src/su.c b/src/su.c
- index fc0e826f..638f533f 100644
- --- a/src/su.c
- +++ b/src/su.c
- @@ -499,6 +499,11 @@ static void check_perms_nopam (const struct passwd *pw)
- /*@observer@*/const char *password = pw->pw_passwd;
- RETSIGTYPE (*oldsig) (int);
- + if (strcmp (pw->pw_passwd, "") == 0) {
- + fprintf(stderr, _("Password field is empty, this is invalid.\n"));
- + exit(1);
- + }
- +
- if (caller_is_root) {
- return;
- }
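Review bot: Root is refused too, because the new test sits above the `if (caller_is_root) { return; }` early return. If an administrator should still be able to su to such an account, move the block below those lines; if the refusal is deliberate, say so in a comment. The denial is reported only on stderr before `exit(1)`, so it is worth recording in the system log in the same way as the function's other failure paths, which are outside this hunk and need checking. Since `password` already holds `pw->pw_passwd`, the condition can read `if ('\0' == password[0]) {`.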
- --
- 2.26.3