From owner-cvs-usrbin Fri Feb 13 13:04:53 1998
Return-Path:
Received: (from daemon@localhost)
    by hub.freebsd.org (8.8.8/8.8.8) id NAA07096
    for cvs-usrbin-outgoing; Fri, 13 Feb 1998 13:04:53 -0800 (PST)
    (envelope-from owner-cvs-usrbin)
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
    by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA06844;
    Fri, 13 Feb 1998 13:03:22 -0800 (PST)
    (envelope-from ache@FreeBSD.org)
From: "Andrey A. Chernov"
Received: (from ache@localhost)
    by freefall.freebsd.org (8.8.8/8.8.5) id NAA25254;
    Fri, 13 Feb 1998 13:03:02 -0800 (PST)
Date: Fri, 13 Feb 1998 13:03:02 -0800 (PST)
Message-Id: <199802132103.NAA25254@freefall.freebsd.org>
To: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-usrbin@FreeBSD.ORG
Subject: cvs commit: src/usr.bin/login login.c
Sender: owner-cvs-usrbin@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

ache        1998/02/13 13:03:02 PST

  Modified files:
    usr.bin/login        login.c
  Log:
  Fix very rare but dangerous bug: for some DES passwords
  crypt(real_password, salt) is equal to crypt("", salt);
  It means that this user (and not only he) can login without entering
  password at all, just pressing Return.
  So if empty password entered and crypted password is not empty,
  invalidate any crypt result by assigning ":"

  Revision  Changes    Path
  1.32      +3 -1      src/usr.bin/login/login.c
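
The check described in the log message above, as an added example that is not part of the original message and is not the code from login.c. The names toy_crypt, check_unguarded and check_guarded, the sample passwords and the hash strings are all constructed; toy_crypt is a stand-in that simulates the collision rather than a real DES crypt().

```c
#include <string.h>

/* Same shape as crypt(3): (key, salt) -> encoded string. */
typedef const char *(*hash_fn)(const char *key, const char *salt);

/* Constructed stand-in for crypt(3), NOT real DES: it maps the password
 * "collide" to the same output as "", modelling the rare collision. */
static const char *toy_crypt(const char *key, const char *salt)
{
    (void)salt;
    if (key[0] == '\0' || strcmp(key, "collide") == 0)
        return "abEMPTYHASH00";
    return strcmp(key, "hunter2") == 0 ? "abOTHERHASH11" : "abNOMATCH0000";
}

/* Comparison without the guard: trusts the hash of whatever was typed. */
static int check_unguarded(const char *typed, const char *stored, hash_fn h)
{
    return strcmp(h(typed, stored), stored) == 0;
}

/* Comparison with the guard from the log message: an empty entry against a
 * non-empty stored hash has its crypt result replaced by ":". A field of the
 * colon-delimited password file cannot contain ':', so the compare fails
 * no matter what the hash function returned. */
static int check_guarded(const char *typed, const char *stored, hash_fn h)
{
    const char *ep = h(typed, stored);
    if (typed[0] == '\0' && stored[0] != '\0')
        ep = ":";
    return strcmp(ep, stored) == 0;
}

/* Stored hashes for two constructed accounts. */
static const char *stored_colliding(void) { return toy_crypt("collide", "ab"); }
static const char *stored_normal(void)    { return toy_crypt("hunter2", "ab"); }

int main(void)
{
    /* Exit 0 only if the guard closes the hole and real logins still work. */
    return !(check_unguarded("", stored_colliding(), toy_crypt)
             && !check_guarded("", stored_colliding(), toy_crypt)
             && check_guarded("hunter2", stored_normal(), toy_crypt));
}
```

The guard is decided on the typed input and the stored field alone, so it holds regardless of which hash function is plugged in.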