From: Todd C. Miller Date: Thu, 19 Feb 2015 21:17:57 +0000 (-0700) Subject: Historically, crypt() returned the empty string on error, which X-Git-Tag: SUDO_1_8_13^2~48 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=9b514ed83c523db706d264c257c6412125221d23;p=sudo Historically, crypt() returned the empty string on error, which ensured that crypt("", "") would return "", which supported matcing empty encrypted passwords with no additional code. Some modern versions of crypt() (such as glibc) return NULL on error so we need an explicit test to match an empty plaintext password and an empty encrypted password. --- diff --git a/plugins/sudoers/auth/passwd.c b/plugins/sudoers/auth/passwd.c index 09c2c97e0..a7da4985a 100644 --- a/plugins/sudoers/auth/passwd.c +++ b/plugins/sudoers/auth/passwd.c @@ -71,7 +71,9 @@ sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth) int matched = 0; debug_decl(sudo_passwd_verify, SUDOERS_DEBUG_AUTH) - pw_len = strlen(pw_epasswd); + /* An empty plain-text password must match an empty encrypted password. */ + if (pass[0] == '\0') + debug_return_int(pw_epasswd[0] ? AUTH_FAILURE : AUTH_SUCCESS); #ifdef HAVE_GETAUTHUID /* Ultrix shadow passwords may use crypt16() */ @@ -85,6 +87,7 @@ sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth) * If this turns out not to be safe we will have to use OS #ifdef's (sigh). */ sav = pass[8]; + pw_len = strlen(pw_epasswd); if (pw_len == DESLEN || HAS_AGEINFO(pw_epasswd, pw_len)) pass[8] = '\0'; diff --git a/plugins/sudoers/auth/secureware.c b/plugins/sudoers/auth/secureware.c index 6039cdc70..50ebdb070 100644 --- a/plugins/sudoers/auth/secureware.c +++ b/plugins/sudoers/auth/secureware.c @@ -75,6 +75,11 @@ sudo_secureware_verify(struct passwd *pw, char *pass, sudo_auth *auth) char *pw_epasswd = auth->data; char *epass = NULL; debug_decl(sudo_secureware_verify, SUDOERS_DEBUG_AUTH) + + /* An empty plain-text password must match an empty encrypted password. */ + if (pass[0] == '\0') + debug_return_int(pw_epasswd[0] ? AUTH_FAILURE : AUTH_SUCCESS); + #ifdef __alpha { extern int crypt_type;