summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--openbsd-compat/xcrypt.c24
1 files changed, 15 insertions, 9 deletions
diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c
index 8913bb81a..cf6a9b99f 100644
--- a/openbsd-compat/xcrypt.c
+++ b/openbsd-compat/xcrypt.c
@@ -65,7 +65,9 @@
65 65
66/* 66/*
67 * Pick an appropriate password encryption type and salt for the running 67 * Pick an appropriate password encryption type and salt for the running
68 * system. 68 * system by searching through accounts until we find one that has a valid
69 * salt. Usually this will be root unless the root account is locked out.
70 * If we don't find one we return a traditional DES-based salt.
69 */ 71 */
70static const char * 72static const char *
71pick_salt(void) 73pick_salt(void)
@@ -78,14 +80,18 @@ pick_salt(void)
78 if (salt[0] != '\0') 80 if (salt[0] != '\0')
79 return salt; 81 return salt;
80 strlcpy(salt, "xx", sizeof(salt)); 82 strlcpy(salt, "xx", sizeof(salt));
81 if ((pw = getpwuid(0)) == NULL) 83 setpwent();
82 return salt; 84 while ((pw = getpwent()) != NULL) {
83 passwd = shadow_pw(pw); 85 passwd = shadow_pw(pw);
84 if (passwd[0] != '$' || (p = strrchr(passwd + 1, '$')) == NULL) 86 if (passwd[0] == '$' && (p = strrchr(passwd+1, '$')) != NULL) {
85 return salt; /* no $, DES */ 87 typelen = p - passwd + 1;
86 typelen = p - passwd + 1; 88 strlcpy(salt, passwd, MIN(typelen, sizeof(salt)));
87 strlcpy(salt, passwd, MIN(typelen, sizeof(salt))); 89 explicit_bzero(passwd, strlen(passwd));
88 explicit_bzero(passwd, strlen(passwd)); 90 goto out;
91 }
92 }
93 out:
94 endpwent();
89 return salt; 95 return salt;
90} 96}
91 97