From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Sun, 19 Jan 2025 20:23:54 +0000 (+0100)
Subject: lib/encrypt.c: Do not exit in error case
X-Git-Tag: 4.17.3~62
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=6cbce81df97a16363c46cbd1e8202c3b4f0a2205;p=thirdparty%2Fshadow.git

lib/encrypt.c: Do not exit in error case

If crypt fails, pw_encrypt calls exit. This has the consequence that the
plaintext password is not cleared.

A valid password can fail if the underlying library does not support it.
One such example is SHA512, for which the password must not be longer
than 256 characters on musl. A password longer than this with glibc
works, so it is actually possible that a user, running passwd, tries to
enter the old password but the musl-based passwd binary simply exits.
Let passwd clear the password before exiting.

Reviewed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
---

diff --git a/lib/encrypt.c b/lib/encrypt.c
index c84a2552f..9c1cb4067 100644
--- a/lib/encrypt.c
+++ b/lib/encrypt.c
@@ -65,7 +65,8 @@
 		(void) fprintf (shadow_logfd,
 		                _("crypt method not supported by libcrypt? (%s)\n"),
 		                method);
-		exit (EXIT_FAILURE);
+		errno = EINVAL;
+		return NULL;
 	}
 
 	if (strlen (cp) != 13) {