Date: Fri, 13 Feb 1998 13:03:02 -0800 (PST) From: "Andrey A. Chernov" <ache@FreeBSD.ORG> To: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-usrbin@FreeBSD.ORG Subject: cvs commit: src/usr.bin/login login.c Message-ID: <199802132103.NAA25254@freefall.freebsd.org>
index | next in thread | raw e-mail
ache 1998/02/13 13:03:02 PST
Modified files:
usr.bin/login login.c
Log:
Fix very rare but dangerous bug:
for some DES passwords
crypt(real_password, salt)
is equal to
crypt("", salt);
It means that this user (and not only he) can login without
entering password at all, just pressing Return.
So if empty password entered and crypted password is not empty,
invalidate any crypt result by assigning ":"
Revision Changes Path
1.32 +3 -1 src/usr.bin/login/login.c
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199802132103.NAA25254>