Changeset 51180 in vbox for trunk/src/VBox/Runtime

Timestamp:

May 2, 2014 11:45:03 AM (11 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

93548

Message:

Runtime/r3/Linux: better handle user accounts with empty passwords

File:

• trunk/src/VBox/Runtime/r3/posix/process-creation-posix.cpp (modified) (1 diff)

trunk/src/VBox/Runtime/r3/posix/process-creation-posix.cpp

@@ -114 +114 @@
         pw->pw_passwd = spwd->sp_pwdp;
 
-    /* be reentrant */
-    struct crypt_data *data = (struct crypt_data*)RTMemTmpAllocZ(sizeof(*data));
-    char *pszEncPasswd = crypt_r(pszPasswd, pw->pw_passwd, data);
-    int fCorrect = !strcmp(pszEncPasswd, pw->pw_passwd);
-    RTMemTmpFree(data);
+    /* Default fCorrect=true if no password specified. In that case, pw->pw_passwd
+     * must be NULL (no password set for this user). Fail if a password is specified
+     * but the user does not have one assigned. */
+    int fCorrect = !pszPasswd || !*pszPasswd;
+    if (pw->pw_passwd)
+    {
+        struct crypt_data *data = (struct crypt_data*)RTMemTmpAllocZ(sizeof(*data));
+        /* be reentrant */
+        char *pszEncPasswd = crypt_r(pszPasswd, pw->pw_passwd, data);
+        fCorrect = pszEncPasswd && !strcmp(pszEncPasswd, pw->pw_passwd);
+        RTMemTmpFree(data);
+    }
     if (!fCorrect)
         return VERR_PERMISSION_DENIED;