diff options
Diffstat (limited to 'libbb')
-rw-r--r-- | libbb/correct_password.c | 27 | ||||
-rw-r--r-- | libbb/lineedit.c | 13 |
2 files changed, 24 insertions, 16 deletions
diff --git a/libbb/correct_password.c b/libbb/correct_password.c index d031b21..c515b26 100644 --- a/libbb/correct_password.c +++ b/libbb/correct_password.c @@ -37,19 +37,24 @@ int correct_password(const struct passwd *pw) { - char *unencrypted, *encrypted, *correct; + char *unencrypted, *encrypted; + const char *correct; +#if ENABLE_FEATURE_SHADOWPASSWDS + /* Using _r function to avoid pulling in static buffers */ + struct spwd spw; + struct spwd *result; + char buffer[256]; +#endif -#ifdef CONFIG_FEATURE_SHADOWPASSWDS + correct = pw->pw_passwd; +#if ENABLE_FEATURE_SHADOWPASSWDS if (LONE_CHAR(pw->pw_passwd, 'x') || LONE_CHAR(pw->pw_passwd, '*')) { - struct spwd *sp = getspnam(pw->pw_name); - - if (!sp) - bb_error_msg_and_die("no valid shadow password"); - - correct = sp->sp_pwdp; - } else + if (getspnam_r(pw->pw_name, &spw, buffer, sizeof(buffer), &result)) + bb_error_msg("no valid shadow password, checking ordinary one"); + else + correct = spw.sp_pwdp; + } #endif - correct = pw->pw_passwd; if (!correct || correct[0] == '\0') return 1; @@ -60,5 +65,5 @@ int correct_password(const struct passwd *pw) } encrypted = crypt(unencrypted, correct); memset(unencrypted, 0, strlen(unencrypted)); - return (!strcmp(encrypted, correct)) ? 1 : 0; + return strcmp(encrypted, correct) == 0; } diff --git a/libbb/lineedit.c b/libbb/lineedit.c index 16256f7..61b88fd 100644 --- a/libbb/lineedit.c +++ b/libbb/lineedit.c @@ -342,15 +342,18 @@ static void username_tab_completion(char *ud, char *with_shash_flg) } } else { /* "~[^/]*" */ - setpwent(); + /* Using _r function to avoid pulling in static buffers */ + char line_buff[PWD_BUFFER_SIZE]; + struct passwd pwd; + struct passwd *result; - while ((entry = getpwent()) != NULL) { + setpwent(); + while (!getpwent_r(&pwd, line_buff, sizeof(line_buff), &result)) { /* Null usernames should result in all users as possible completions. */ - if ( /*!userlen || */ !strncmp(ud, entry->pw_name, userlen)) { - add_match(xasprintf("~%s/", entry->pw_name)); + if (/*!userlen || */ strncmp(ud, pwd.pw_name, userlen) == 0) { + add_match(xasprintf("~%s/", pwd.pw_name)); } } - endpwent(); } } |