From: Todd C. Miller
Date: Thu, 23 Mar 2000 00:27:41 +0000 (+0000)
Subject: Better fix for handling HP-UX aging info.
X-Git-Tag: SUDO_1_6_3~25
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4d4ed8c166d2e69d32530bc4b199b2470132428d;p=sudo
Better fix for handling HP-UX aging info.
---
diff --git a/auth/passwd.c b/auth/passwd.c
index 0d84c64dd..0bb5b3c04 100644
--- a/auth/passwd.c
+++ b/auth/passwd.c
@@ -58,6 +58,9 @@
 static const char rcsid[] = "$Sudo$";
 #endif /* lint */
+#define DESLEN 13
+#define HAS_AGEINFO(p, l) (l == 18 && p[DESLEN] == ',')
+
 int
 passwd_verify(pw, pass, auth)
 struct passwd *pw;
@@ -65,8 +68,11 @@ passwd_verify(pw, pass, auth)
 sudo_auth *auth;
 {
 char sav, *epass;
+ size_t pw_len;
 int error;
+ pw_len = strlen(pw->pw_passwd);
+
 #ifdef HAVE_GETAUTHUID
 /* Ultrix shadow passwords may use crypt16() */
 error = strcmp(pw->pw_passwd, (char *) crypt16(pass, pw->pw_passwd));
@@ -79,20 +85,20 @@ passwd_verify(pw, pass, auth)
 * If this turns out not to be safe we will have to use OS #ifdef's (sigh).
 */
 sav = pass[8];
- if (strlen(pw->pw_passwd) == 13)
+ if (pw_len == DESLEN || HAS_AGEINFO(pw->pw_passwd, pw_len))
 pass[8] = '\0';
 /*
 * Normal UN*X password check.
- * HP-UX adds extra info at the end for password aging so we only
- * compare the first len(epass) bytes *unless* pass is the empty string.
+ * HP-UX may add aging info (separated by a ',') at the end so
+ * only compare the first DESLEN characters in that case.
 */
 epass = (char *) crypt(pass, pw->pw_passwd);
- if (*pass)
- error = strncmp(pw->pw_passwd, epass, strlen(epass));
+ pass[8] = sav;
+ if (HAS_AGEINFO(pw->pw_passwd, pw_len) && strlen(epass) == DESLEN)
+ error = strncmp(pw->pw_passwd, epass, DESLEN);
 else
 error = strcmp(pw->pw_passwd, epass);
- pass[8] = sav;
 return(error ? AUTH_FAILURE : AUTH_SUCCESS);
 }
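Review bot: `HAS_AGEINFO` in the first hunk expands its arguments unparenthesised and hard-codes 18 without recording where that number comes from. Writing it as `#define HAS_AGEINFO(p, l) ((l) == 18 && (p)[DESLEN] == ',')` keeps the expansion correct for any argument expression, and a comment such as `/* 13-char DES hash + ',' + 4 aging chars */` would document the layout the check presumably assumes. If the platform can store an aging field of a different length, the macro will not match and the entry falls through to the full `strcmp`, which fails closed; that is worth confirming against the HP-UX documentation.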
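Review bot: In the third hunk `epass` is dereferenced by the new `strlen(epass) == DESLEN` test and by both comparisons without checking that `crypt()` succeeded. `crypt()` may return NULL on error (for example for a salt it does not support), which would crash the authentication path at this point. Adding `if (epass == NULL) return(AUTH_FAILURE);` directly after `pass[8] = sav;` makes that case explicit and fails closed. Separately, `strcmp`/`strncmp` stop at the first differing byte; a fixed-time comparison of the two hashes would remove that timing difference, though the exposure for salted hashes is small. The body of passwd_verify starts above this hunk.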