From: Todd C. Miller
Date: Mon, 13 Mar 2000 20:52:25 +0000 (+0000)
Subject: HP-UX adds extra info at the end for password aging so when comparing
X-Git-Tag: SUDO_1_6_3~31
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=cbd8898687cfa67b6ca202da77988e3575845363;p=sudo
HP-UX adds extra info at the end for password aging so when comparing the result of crypt to pw_passwd we only compare the first len(epass) bytes *unless* the user entered an empty string for a password.
---
diff --git a/auth/passwd.c b/auth/passwd.c
index cfb1fc671..0d84c64dd 100644
--- a/auth/passwd.c
+++ b/auth/passwd.c
@@ -64,7 +64,7 @@ passwd_verify(pw, pass, auth)
 char *pass;
 sudo_auth *auth;
 {
- char sav;
+ char sav, *epass;
 int error;
 #ifdef HAVE_GETAUTHUID
@@ -82,8 +82,16 @@ passwd_verify(pw, pass, auth)
 if (strlen(pw->pw_passwd) == 13)
 pass[8] = '\0';
- /* Normal UN*X password check. */
- error = strcmp(pw->pw_passwd, (char *) crypt(pass, pw->pw_passwd));
+ /*
+ * Normal UN*X password check.
+ * HP-UX adds extra info at the end for password aging so we only
+ * compare the first len(epass) bytes *unless* pass is the empty string.
+ */
+ epass = (char *) crypt(pass, pw->pw_passwd);
+ if (*pass)
+ error = strncmp(pw->pw_passwd, epass, strlen(epass));
+ else
+ error = strcmp(pw->pw_passwd, epass);
 pass[8] = sav;
 return(error ? AUTH_FAILURE : AUTH_SUCCESS);
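Review bot: In the second hunk, the new `strncmp(pw->pw_passwd, epass, strlen(epass))` takes its length from whatever crypt() returns, so the comparison fails open. If crypt() returns an empty string for a non-empty password, the length is 0, strncmp() returns 0 and the function reports AUTH_SUCCESS. If it returns NULL, strlen() dereferences it. The `if (*pass)` guard tests the typed password, not the hash, so it covers neither case. I would add `if (epass == NULL || (*pass && *epass == '\0')) error = 1;` ahead of the comparison, and consider limiting the prefix match to the 13-character DES length the function already checks for, so other hash formats still get an exact strcmp(). passwd_verify begins and ends outside this hunk, so I cannot see whether the stored hash is validated earlier.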