lib/chkhash.c: is_valid_hash(): Accept a leading '!'

A leading '!' means that the account is locked.

Fixes: c44f1e096a19 (2025-07-20; "chpasswd: Check hash before write when using -e")
Link: <https://github.com/shadow-maint/shadow/issues/1483>
Link: <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1124835>
Reported-by: Chris Hofstaedtler <zeha@debian.org>
Reviewed-by: Chris Hofstaedtler <zeha@debian.org>
Cc: vinz <mmpx09@protonmail.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: 87ec7a52ab25 (2026-01-07; "lib/chkhash.c: is_valid_hash(): Accept a leading '!'")
Signed-off-by: Alejandro Colomar <alx@kernel.org>

diff --git a/lib/chkhash.c b/lib/chkhash.c
index 66870500729190c9ffa2c9b0617a2fea6a0a0d93..cb45f3aa9f6c536ac1c98142763522ad04aba1d4 100644 (file)
--- a/lib/chkhash.c
+++ b/lib/chkhash.c
@@ -7,6 +7,8 @@
 #include <stddef.h>
 #include <string.h>
 
+#include "string/strcmp/strprefix.h"
+
 
 /*
  * match_regex - return true if match, false if not
@@ -37,6 +39,8 @@ match_regex(const char *pattern, const char *string)
 bool 
 is_valid_hash(const char *hash) 
 {
+       hash = strprefix(hash, "!") ?: hash;
+
        // Minimum hash length
        if (strlen(hash) < 13)
                return false;