From 6245c26ad4e4a7cc97a209a6b237e8c4bd1706a4 Mon Sep 17 00:00:00 2001
From: Karel Zak
Date: Tue, 11 Dec 2018 14:20:19 +0100
Subject: lslogins: make valid_pwd() more robust

Signed-off-by: Karel Zak <kzak@redhat.com>
---
 login-utils/lslogins.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'login-utils')

diff --git a/login-utils/lslogins.c b/login-utils/lslogins.c
index 280768e7a..cb03272b4 100644
--- a/login-utils/lslogins.c
+++ b/login-utils/lslogins.c
@@ -611,15 +611,21 @@ static const char *get_pwd_method(const char *str, const char **next, unsigned i
 
 #define is_valid_pwd_char(x)	(isalnum((unsigned char) (x)) || (x) ==  '.' || (x) == '/')
 
+/*
+ * This function do not accept empty passwords or locked accouns.
+ */
 static int valid_pwd(const char *str)
 {
 	const char *p = str;
 	unsigned int sz = 0, n;
 
+	if (!str || !*str)
+		return 0;
+
 	/* $id$ */
 	if (get_pwd_method(str, &p, &sz) == NULL)
 		return 0;
-	if (!*p)
+	if (!p || !*p)
 		return 0;
 
 	/* salt$ */
@@ -635,7 +641,7 @@ static int valid_pwd(const char *str)
 		return 0;
 
 	/* encrypted */
-	for (n = 0; p && *p; p++, n++) {
+	for (n = 0; *p; p++, n++) {
 		if (!is_valid_pwd_char(*p))
 			return 0;
 	}
-- 
cgit v1.2.3-55-g7522