lslogins: make valid_pwd() more robust

Signed-off-by: Karel Zak <kzak@redhat.com>
author: Karel Zak 2018-12-11 14:20:19 +0100
committer: Karel Zak 2018-12-11 14:20:19 +0100
commit: 6245c26ad4e4a7cc97a209a6b237e8c4bd1706a4 (patch)
tree: 348470ebdf32e53c1606ab3b19a222773efbaabd /login-utils
parent: Merge branch 'fix-couple-warnings' of https://github.com/kerolasa/util-linux (diff)
download: kernel-qcow2-util-linux-6245c26ad4e4a7cc97a209a6b237e8c4bd1706a4.tar.gz
kernel-qcow2-util-linux-6245c26ad4e4a7cc97a209a6b237e8c4bd1706a4.tar.xz
kernel-qcow2-util-linux-6245c26ad4e4a7cc97a209a6b237e8c4bd1706a4.zip
1 files changed, 8 insertions, 2 deletions
diff --git a/login-utils/lslogins.c b/login-utils/lslogins.c
index 280768e7a..cb03272b4 100644
--- a/login-utils/lslogins.c
+++ b/login-utils/lslogins.c
@@ -611,15 +611,21 @@ static const char *get_pwd_method(const char *str, const char **next, unsigned i
 
 #define is_valid_pwd_char(x)	(isalnum((unsigned char) (x)) || (x) ==  '.' || (x) == '/')
 
+/*
+ * This function do not accept empty passwords or locked accouns.
+ */
 static int valid_pwd(const char *str)
 {
 	const char *p = str;
 	unsigned int sz = 0, n;
 
+	if (!str || !*str)
+		return 0;
+
 	/* $id$ */
 	if (get_pwd_method(str, &p, &sz) == NULL)
 		return 0;
-	if (!*p)
+	if (!p || !*p)
 		return 0;
 
 	/* salt$ */
@@ -635,7 +641,7 @@ static int valid_pwd(const char *str)
 		return 0;
 
 	/* encrypted */
-	for (n = 0; p && *p; p++, n++) {
+	for (n = 0; *p; p++, n++) {
 		if (!is_valid_pwd_char(*p))
 			return 0;
 	}
author	Karel Zak	2018-12-11 14:20:19 +0100
committer	Karel Zak	2018-12-11 14:20:19 +0100
commit	6245c26ad4e4a7cc97a209a6b237e8c4bd1706a4 (patch)
tree	348470ebdf32e53c1606ab3b19a222773efbaabd /login-utils
parent	Merge branch 'fix-couple-warnings' of https://github.com/kerolasa/util-linux (diff)
download	kernel-qcow2-util-linux-6245c26ad4e4a7cc97a209a6b237e8c4bd1706a4.tar.gz kernel-qcow2-util-linux-6245c26ad4e4a7cc97a209a6b237e8c4bd1706a4.tar.xz kernel-qcow2-util-linux-6245c26ad4e4a7cc97a209a6b237e8c4bd1706a4.zip