From: Karel Zak <kzak@redhat.com>
Date: Tue, 11 Dec 2018 13:20:19 +0000 (+0100)
Subject: lslogins: make valid_pwd() more robust
X-Git-Tag: v2.34-rc1~184
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6245c26ad4e4a7cc97a209a6b237e8c4bd1706a4;p=thirdparty%2Futil-linux.git

lslogins: make valid_pwd() more robust

Signed-off-by: Karel Zak <kzak@redhat.com>
---

diff --git a/login-utils/lslogins.c b/login-utils/lslogins.c
index 280768e7a9..cb03272b46 100644
--- a/login-utils/lslogins.c
+++ b/login-utils/lslogins.c
@@ -611,15 +611,21 @@ static const char *get_pwd_method(const char *str, const char **next, unsigned i
 
 #define is_valid_pwd_char(x)	(isalnum((unsigned char) (x)) || (x) ==  '.' || (x) == '/')
 
+/*
+ * This function do not accept empty passwords or locked accouns.
+ */
 static int valid_pwd(const char *str)
 {
 	const char *p = str;
 	unsigned int sz = 0, n;
 
+	if (!str || !*str)
+		return 0;
+
 	/* $id$ */
 	if (get_pwd_method(str, &p, &sz) == NULL)
 		return 0;
-	if (!*p)
+	if (!p || !*p)
 		return 0;
 
 	/* salt$ */
@@ -635,7 +641,7 @@ static int valid_pwd(const char *str)
 		return 0;
 
 	/* encrypted */
-	for (n = 0; p && *p; p++, n++) {
+	for (n = 0; *p; p++, n++) {
 		if (!is_valid_pwd_char(*p))
 			return 0;
 	}