From d2fe2ba08dd84cd7e94d1ae3e2e9c12ca2b4d561 Mon Sep 17 00:00:00 2001 From: Denys Vlasenko Date: Sun, 11 Sep 2011 12:25:59 +0200 Subject: chpasswd: fix possible free() or non-allocated string. +8 bytes Signed-off-by: Denys Vlasenko --- loginutils/chpasswd.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/loginutils/chpasswd.c b/loginutils/chpasswd.c index 2262b79..b7df57e 100644 --- a/loginutils/chpasswd.c +++ b/loginutils/chpasswd.c @@ -33,9 +33,8 @@ static const char chpasswd_longopts[] ALIGN1 = int chpasswd_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; int chpasswd_main(int argc UNUSED_PARAM, char **argv) { - char *name, *pass; - char salt[sizeof("$N$XXXXXXXX")]; - int opt, rc; + char *name; + int opt; if (getuid() != 0) bb_error_msg_and_die(bb_msg_perm_denied_are_you_root); @@ -45,6 +44,10 @@ int chpasswd_main(int argc UNUSED_PARAM, char **argv) opt = getopt32(argv, "em"); while ((name = xmalloc_fgetline(stdin)) != NULL) { + char *free_me; + char *pass; + int rc; + pass = strchr(name, ':'); if (!pass) bb_error_msg_and_die("missing new password"); @@ -52,7 +55,10 @@ int chpasswd_main(int argc UNUSED_PARAM, char **argv) xuname2uid(name); /* dies if there is no such user */ + free_me = NULL; if (!(opt & OPT_ENC)) { + char salt[sizeof("$N$XXXXXXXX")]; + crypt_make_salt(salt, 1); if (opt & OPT_MD5) { salt[0] = '$'; @@ -60,7 +66,7 @@ int chpasswd_main(int argc UNUSED_PARAM, char **argv) salt[2] = '$'; crypt_make_salt(salt + 3, 4); } - pass = pw_encrypt(pass, salt, 0); + free_me = pass = pw_encrypt(pass, salt, 0); } /* This is rather complex: if user is not found in /etc/shadow, @@ -81,8 +87,7 @@ int chpasswd_main(int argc UNUSED_PARAM, char **argv) bb_info_msg("Password for '%s' changed", name); logmode = LOGMODE_STDIO; free(name); - if (!(opt & OPT_ENC)) - free(pass); + free(free_me); } return EXIT_SUCCESS; } -- cgit v1.1