From: Todd C. Miller
Date: Fri, 3 Mar 2000 23:04:50 +0000 (+0000)
Subject: Truncate unencrypted password to 8 chars if encrypted password is exactly
X-Git-Tag: SUDO_1_6_3~36
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8a7226ad7d045bcef0edfee86eca2102a74bedd6;p=sudo
Truncate unencrypted password to 8 chars if encrypted password is exactly 13 characters (indicateing standard a DES password). Many versions of crypt() do this for you, but not all (like HP-UX's).
---
diff --git a/auth/passwd.c b/auth/passwd.c
index aee795f20..cfb1fc671 100644
--- a/auth/passwd.c
+++ b/auth/passwd.c
@@ -64,16 +64,27 @@ passwd_verify(pw, pass, auth)
 char *pass;
 sudo_auth *auth;
 {
+ char sav;
+ int error;
 #ifdef HAVE_GETAUTHUID
 /* Ultrix shadow passwords may use crypt16() */
- if (!strcmp(pw->pw_passwd, (char *) crypt16(pass, pw->pw_passwd)))
+ error = strcmp(pw->pw_passwd, (char *) crypt16(pass, pw->pw_passwd));
+ if (!error)
 return(AUTH_SUCCESS);
 #endif /* HAVE_GETAUTHUID */
- /* Normal UN*X password check */
- if (!strcmp(pw->pw_passwd, (char *) crypt(pass, pw->pw_passwd)))
- return(AUTH_SUCCESS);
+ /*
+ * Truncate to 8 chars if standard DES since not all crypt()'s do this.
+ * If this turns out not to be safe we will have to use OS #ifdef's (sigh).
+ */
+ sav = pass[8];
+ if (strlen(pw->pw_passwd) == 13)
+ pass[8] = '\0';
+
+ /* Normal UN*X password check. */
+ error = strcmp(pw->pw_passwd, (char *) crypt(pass, pw->pw_passwd));
+ pass[8] = sav;
- return(AUTH_FAILURE);
+ return(error ? AUTH_FAILURE : AUTH_SUCCESS);
 }
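Review bot: `sav = pass[8];` and the later `pass[8] = sav;` touch index 8 of the caller's password buffer unconditionally, which is at or past the NUL terminator whenever the supplied password is 8 characters or shorter; the hunk gives no evidence of how large that buffer is, so the read and the write-back should be gated on `strlen(pass) > 8` and the restore done only when a truncation actually happened. A second gap in the same hunk is that the `crypt16()` and `crypt()` results are passed straight to `strcmp()`; those functions can return NULL (unsupported salt, library failure), which would be dereferenced inside the password check, so a NULL result should count as a failed comparison rather than be compared. The function's signature starts above the hunk, so the parameter declarations are only partly visible here.
```c
    char sav = '\0';
    char *epass;
    int truncated = 0;
    int error;
    /* … unchanged: crypt16() check under HAVE_GETAUTHUID … */
    /*
     * Truncate to 8 chars if standard DES since not all crypt()'s do this.
     * Only touch pass[8] when the password really extends past it.
     */
    if (strlen(pw->pw_passwd) == 13 && strlen(pass) > 8) {
	sav = pass[8];
	pass[8] = '\0';
	truncated = 1;
    }
    /* Normal UN*X password check; a NULL from crypt() is a failure, not a match. */
    epass = (char *) crypt(pass, pw->pw_passwd);
    error = (epass == NULL) || strcmp(pw->pw_passwd, epass);
    if (truncated)
	pass[8] = sav;
    /* … unchanged: return(error ? AUTH_FAILURE : AUTH_SUCCESS); … */
```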