commit: 829c2664db671ff4335fb423f26711368e14e509
parent 0c3146587c85c853d8f987051d92d3b5f5de1363
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date: Tue, 1 Nov 2022 18:07:24 +0100
login,su: Always fetch getspnam contents
Diffstat:
M | login.c | 25 | ++++++++++++------------- |
M | su.c | 21 | ++++++++++++--------- |
2 files changed, 24 insertions(+), 22 deletions(-)
diff --git a/login.c b/login.c
@@ -122,22 +122,21 @@ main(int argc, char *argv[])
}
#ifdef __linux__
- if(pw_hash && strcmp(pw_hash, "x") == 0)
+ // Always fetched to avoid potentially leaking passwd contents
+ errno = 0;
+ struct spwd *swent = getspnam(username);
+ if(errno != 0)
{
- errno = 0;
- struct spwd *swent = getspnam(username);
+ perror("login: getspnam");
+ }
- if(errno == 0)
- {
- pw_hash = swent->sp_pwdp;
- explicit_bzero(swent, sizeof(swent));
- swent = NULL;
- }
- else
- {
- perror("getspnam");
- }
+ if(pw_hash && strcmp(pw_hash, "x") == 0)
+ {
+ pw_hash = swent->sp_pwdp;
}
+
+ explicit_bzero(swent, sizeof(swent));
+ swent = NULL;
#endif /* __linux__ */
char *password = NULL;
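Review bot: `swent` is dereferenced without a NULL check: after the `errno != 0` branch prints its message, execution still reaches `swent->sp_pwdp` and `explicit_bzero(swent, ...)`. getspnam() also returns NULL when the user has no shadow entry, and in that case errno may stay 0, so the error branch does not cover it. Now that the lookup runs for every login, an account without a shadow entry, or a caller that cannot read the shadow database, would crash here instead of failing authentication cleanly. I would guard both uses, e.g. `if(swent != NULL && pw_hash && strcmp(pw_hash, "x") == 0)` and `if(swent != NULL) explicit_bzero(swent, sizeof(*swent));`, and treat a NULL result with a `"x"` placeholder as an authentication failure. The same pattern is in the su.c hunk; main() continues outside both hunks.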
diff --git a/su.c b/su.c
@@ -121,18 +121,21 @@ main(int argc, char *argv[])
}
#ifdef __linux__
- if(pw_hash && strcmp(pw_hash, "x") == 0)
+ // Always fetched to avoid potentially leaking passwd contents
+ errno = 0;
+ struct spwd *swent = getspnam(username);
+ if(errno != 0)
{
- errno = 0;
- struct spwd *swent = getspnam(username);
+ perror("su: getspnam");
+ }
- if(errno == 0)
- {
- pw_hash = swent->sp_pwdp;
- explicit_bzero(swent, sizeof(swent));
- swent = NULL;
- }
+ if(pw_hash && strcmp(pw_hash, "x") == 0)
+ {
+ pw_hash = swent->sp_pwdp;
}
+
+ explicit_bzero(swent, sizeof(swent));
+ swent = NULL;
#endif /* __linux__ */
char *password = NULL;
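Review bot: `explicit_bzero(swent, sizeof(swent))` clears only pointer-size bytes, because `swent` is a `struct spwd *`; the struct itself would need `sizeof(*swent)`. Even with that fixed, the call wipes the struct's fields (pointers and numbers), not the hash string that `sp_pwdp` points to, and `pw_hash` still refers to that string after this block. If the intent is to scrub the shadow hash from memory, the string should presumably be wiped after the password comparison, which is outside this hunk, e.g. `explicit_bzero(pw_hash, strlen(pw_hash));` once verification is done. A short comment saying what this wipe is meant to protect would help, and the identical line in login.c needs the same change.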