On Mon, Aug 29, 2022 at 09:08:26AM +0200, Greg Steuck wrote:
> Greg Steuck <gne...@openbsd.org> writes:
>
> Matthieu> + authok = priv_pw_check(user, style, pass);
>
> I suspect your original patch may have swapped the arguments. The
> password should go before style.
Oops you're right thanks.
>
> What do you thing about this patch (tested locally, but I don't have
> style):
Works for me. I also cannot check style easyly (otherwise I would
probably have caught the mistake, but I've check with
and without : in the password).
>
> diff --git a/app/xlockmore/xlock/passwd.c b/app/xlockmore/xlock/passwd.c
> index 914db414f..23ba9043e 100644
> --- a/app/xlockmore/xlock/passwd.c
> +++ b/app/xlockmore/xlock/passwd.c
> @@ -1278,17 +1278,15 @@ checkPasswd(char *buffer)
>
> #ifdef USE_PRIVSEP
> char *pass;
> - char *style;
>
> /* buffer can be in the form style:pass */
> if ((pass = strchr(buffer, ':')) != NULL) {
> - *pass++ = '\0';
> - style = buffer;
> - } else {
> - pass = buffer;
> - style = NULL;
> + *pass++ = '\0';
> + if (priv_pw_check(user, pass, buffer))
> + return True;
> + *--pass = ':';
> }
> - return priv_pw_check(user, pass, style);
> + return priv_pw_check(user, buffer, NULL);
> #elif defined(BSD_AUTH)
> char *pass;
> char *style;
> --
> 2.37.2
>
--
Matthieu Herrb
