Date: Fri, 13 Feb 1998 13:03:02 -0800 (PST) From: "Andrey A. Chernov" <ache@FreeBSD.ORG> To: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-usrbin@FreeBSD.ORG Subject: cvs commit: src/usr.bin/login login.c Message-ID: <199802132103.NAA25254@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
ache 1998/02/13 13:03:02 PST
Modified files:
usr.bin/login login.c
Log:
Fix very rare but dangerous bug:
for some DES passwords
crypt(real_password, salt)
is equal to
crypt("", salt);
It means that this user (and not only he) can login without
entering password at all, just pressing Return.
So if empty password entered and crypted password is not empty,
invalidate any crypt result by assigning ":"
Revision Changes Path
1.32 +3 -1 src/usr.bin/login/login.c
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199802132103.NAA25254>