busybox/patches/busybox-1.19.2-chpasswd.patch

--- busybox-1.19.2/loginutils/chpasswd.c
+++ busybox-1.19.2-chpasswd/loginutils/chpasswd.c
@@ -33,9 +33,8 @@ static const char chpasswd_longopts[] AL
 int chpasswd_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
 int chpasswd_main(int argc UNUSED_PARAM, char **argv)
 {
-	char *name, *pass;
-	char salt[sizeof("$N$XXXXXXXX")];
-	int opt, rc;
+	char *name;
+	int opt;
 
 	if (getuid() != 0)
 		bb_error_msg_and_die(bb_msg_perm_denied_are_you_root);
@@ -45,6 +44,10 @@ int chpasswd_main(int argc UNUSED_PARAM,
 	opt = getopt32(argv, "em");
 
 	while ((name = xmalloc_fgetline(stdin)) != NULL) {
+		char *free_me;
+		char *pass;
+		int rc;
+
 		pass = strchr(name, ':');
 		if (!pass)
 			bb_error_msg_and_die("missing new password");
@@ -52,7 +55,10 @@ int chpasswd_main(int argc UNUSED_PARAM,
 
 		xuname2uid(name); /* dies if there is no such user */
 
+		free_me = NULL;
 		if (!(opt & OPT_ENC)) {
+			char salt[sizeof("$N$XXXXXXXX")];
+
 			crypt_make_salt(salt, 1);
 			if (opt & OPT_MD5) {
 				salt[0] = '$';
@@ -60,7 +66,7 @@ int chpasswd_main(int argc UNUSED_PARAM,
 				salt[2] = '$';
 				crypt_make_salt(salt + 3, 4);
 			}
-			pass = pw_encrypt(pass, salt, 0);
+			free_me = pass = pw_encrypt(pass, salt, 0);
 		}
 
 		/* This is rather complex: if user is not found in /etc/shadow,
@@ -81,8 +87,7 @@ int chpasswd_main(int argc UNUSED_PARAM,
 			bb_info_msg("Password for '%s' changed", name);
 		logmode = LOGMODE_STDIO;
 		free(name);
-		if (!(opt & OPT_ENC))
-			free(pass);
+		free(free_me);
 	}
 	return EXIT_SUCCESS;
 }
1	niro	1541	--- busybox-1.19.2/loginutils/chpasswd.c
2			+++ busybox-1.19.2-chpasswd/loginutils/chpasswd.c
3			@@ -33,9 +33,8 @@ static const char chpasswd_longopts[] AL
4			int chpasswd_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
5			int chpasswd_main(int argc UNUSED_PARAM, char **argv)
6			{
7			- char name, pass;
8			- char salt[sizeof("$N$XXXXXXXX")];
9			- int opt, rc;
10			+ char *name;
11			+ int opt;
12
13			if (getuid() != 0)
14			bb_error_msg_and_die(bb_msg_perm_denied_are_you_root);
15			@@ -45,6 +44,10 @@ int chpasswd_main(int argc UNUSED_PARAM,
16			opt = getopt32(argv, "em");
17
18			while ((name = xmalloc_fgetline(stdin)) != NULL) {
19			+ char *free_me;
20			+ char *pass;
21			+ int rc;
22			+
23			pass = strchr(name, ':');
24			if (!pass)
25			bb_error_msg_and_die("missing new password");
26			@@ -52,7 +55,10 @@ int chpasswd_main(int argc UNUSED_PARAM,
27
28			xuname2uid(name); /* dies if there is no such user */
29
30			+ free_me = NULL;
31			if (!(opt & OPT_ENC)) {
32			+ char salt[sizeof("$N$XXXXXXXX")];
33			+
34			crypt_make_salt(salt, 1);
35			if (opt & OPT_MD5) {
36			salt[0] = '$';
37			@@ -60,7 +66,7 @@ int chpasswd_main(int argc UNUSED_PARAM,
38			salt[2] = '$';
39			crypt_make_salt(salt + 3, 4);
40			}
41			- pass = pw_encrypt(pass, salt, 0);
42			+ free_me = pass = pw_encrypt(pass, salt, 0);
43			}
44
45			/* This is rather complex: if user is not found in /etc/shadow,
46			@@ -81,8 +87,7 @@ int chpasswd_main(int argc UNUSED_PARAM,
47			bb_info_msg("Password for '%s' changed", name);
48			logmode = LOGMODE_STDIO;
49			free(name);
50			- if (!(opt & OPT_ENC))
51			- free(pass);
52			+ free(free_me);
53			}
54			return EXIT_SUCCESS;
55			}