1 files changed, 34 insertions, 0 deletions
diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c
index 8577cbd8a..8913bb81a 100644
--- a/openbsd-compat/xcrypt.c
+++ b/openbsd-compat/xcrypt.c
@@ -25,6 +25,7 @@
 #include "includes.h"
 #include <sys/types.h>
+#include <string.h>
 #include <unistd.h>
 #include <pwd.h>
@@ -62,11 +63,44 @@
 #  define crypt DES_crypt
 # endif
+/*
+ * Pick an appropriate password encryption type and salt for the running
+ * system.
+ */
+static const char *
+pick_salt(void)
+{
+        struct passwd *pw;
+        char *passwd, *p;
+        size_t typelen;
+        static char salt[32];
+        if (salt[0] != '\0')
+                return salt;
+        strlcpy(salt, "xx", sizeof(salt));
+        if ((pw = getpwuid(0)) == NULL)
+                return salt;
+        passwd = shadow_pw(pw);
+        if (passwd[0] != '$' || (p = strrchr(passwd + 1, '$')) == NULL)
+                return salt;  /* no $, DES */
+        typelen = p - passwd + 1;
+        strlcpy(salt, passwd, MIN(typelen, sizeof(salt)));
+        explicit_bzero(passwd, strlen(passwd));
+        return salt;
+}
 char *
 xcrypt(const char *password, const char *salt)
 {
        char *crypted;
+        /*
+         * If we don't have a salt we are encrypting a fake password for
+         * for timing purposes.  Pick an appropriate salt.
+         */
+        if (salt == NULL)
+                salt = pick_salt();
 # ifdef HAVE_MD5_PASSWORDS
        if (is_md5_salt(salt))
                crypted = md5_crypt(password, salt);

diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c index 8577cbd8a..8913bb81a 100644 --- a/openbsd-compat/xcrypt.c +++ b/openbsd-compat/xcrypt.c
@@ -25,6 +25,7 @@
25	#include "includes.h"	25	#include "includes.h"
26		26
27	#include <sys/types.h>	27	#include <sys/types.h>
		28	#include <string.h>
28	#include <unistd.h>	29	#include <unistd.h>
29	#include <pwd.h>	30	#include <pwd.h>
30		31
@@ -62,11 +63,44 @@
62	# define crypt DES_crypt	63	# define crypt DES_crypt
63	# endif	64	# endif
64		65
		66	/*
		67	* Pick an appropriate password encryption type and salt for the running
		68	* system.
		69	*/
		70	static const char *
		71	pick_salt(void)
		72	{
		73	struct passwd *pw;
		74	char passwd, p;
		75	size_t typelen;
		76	static char salt[32];
		77
		78	if (salt[0] != '\0')
		79	return salt;
		80	strlcpy(salt, "xx", sizeof(salt));
		81	if ((pw = getpwuid(0)) == NULL)
		82	return salt;
		83	passwd = shadow_pw(pw);
		84	if (passwd[0] != '$' \|\| (p = strrchr(passwd + 1, '$')) == NULL)
		85	return salt; /* no $, DES */
		86	typelen = p - passwd + 1;
		87	strlcpy(salt, passwd, MIN(typelen, sizeof(salt)));
		88	explicit_bzero(passwd, strlen(passwd));
		89	return salt;
		90	}
		91
65	char *	92	char *
66	xcrypt(const char password, const char salt)	93	xcrypt(const char password, const char salt)
67	{	94	{
68	char *crypted;	95	char *crypted;
69		96
		97	/*
		98	* If we don't have a salt we are encrypting a fake password for
		99	* for timing purposes. Pick an appropriate salt.
		100	*/
		101	if (salt == NULL)
		102	salt = pick_salt();
		103
70	# ifdef HAVE_MD5_PASSWORDS	104	# ifdef HAVE_MD5_PASSWORDS
71	if (is_md5_salt(salt))	105	if (is_md5_salt(salt))
72	crypted = md5_crypt(password, salt);	106	crypted = md5_crypt(password, salt);