- (djm) Bug #652: Fix empty password auth

author: Damien Miller <djm@mindrot.org> 2003-09-18 18:26:48 +1000
committer: Damien Miller <djm@mindrot.org> 2003-09-18 18:26:48 +1000
commit: aa9a76fe4c128cb119f21db65cbf9e82cd48c876 (patch)
tree: efb80effafc970f607aa2fe2a44fbe3ab01a8fa5
parent: ade1cee573c0897cd08987dc14e23a555898cd12 (diff)
2 files changed, 5 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index cfdafff42..999c26ed6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,6 @@
+20030918
+ - (djm) Bug #652: Fix empty password auth
 20030917
 - (djm) OpenBSD Sync
   - markus@cvs.openbsd.org 2003/09/16 21:02:40
@@ -1115,4 +1118,4 @@
 - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
   Report from murple@murple.net, diagnosis from dtucker@zip.com.au
-$Id: ChangeLog,v 1.2994.2.6 2003/09/16 21:35:09 djm Exp $
+$Id: ChangeLog,v 1.2994.2.7 2003/09/18 08:26:48 djm Exp $
diff --git a/auth-passwd.c b/auth-passwd.c
index 95cc134de..971c7ba19 100644
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -143,7 +143,7 @@ auth_password(Authctxt *authctxt, const char *password)
        char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd;
        /* Check for users with no password. */
-        if (strcmp(pw_password, "") == 0 && strcmp(pw->pw_passwd, "") == 0)
+        if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0)
                return ok;
        else {
                /* Encrypt the candidate password using the proper salt. */
author	Damien Miller <djm@mindrot.org>	2003-09-18 18:26:48 +1000
committer	Damien Miller <djm@mindrot.org>	2003-09-18 18:26:48 +1000
commit	aa9a76fe4c128cb119f21db65cbf9e82cd48c876 (patch)
tree	efb80effafc970f607aa2fe2a44fbe3ab01a8fa5
parent	ade1cee573c0897cd08987dc14e23a555898cd12 (diff)