author | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 15:43:05 -0800 |
---|---|---|
committer | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 15:44:43 -0800 |
commit | 9a4298687784e7812c8aeef6e0e97830febbf393 (patch) | |
tree | 45942549c91c2ae3cb6b58aa5df40b9e121f908a /Linux-PAM/modules/pam_unix/support.c | |
parent | d5b06b67bbeeed7c05c0eb2e05d6a972ad050d1c (diff) | |
parent | 9bc383eeb9d9f5976645cb4c4850a8d36b2bd7da (diff) | |
New upstream version 0.99.8.1
Diffstat (limited to 'Linux-PAM/modules/pam_unix/support.c')
-rw-r--r-- | Linux-PAM/modules/pam_unix/support.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/Linux-PAM/modules/pam_unix/support.c b/Linux-PAM/modules/pam_unix/support.c
index 954f2c73..fc95f2c0 100644
--- a/Linux-PAM/modules/pam_unix/support.c
+++ b/Linux-PAM/modules/pam_unix/support.c
@@ -679,7 +679,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
 }
 }
 } else {
- int salt_len = strlen(salt);
+ size_t salt_len = strlen(salt);
 if (!salt_len) {
 /* the stored password is NULL */
 if (off(UNIX__NONULL, ctrl)) {/* this means we've succeeded */
@@ -689,19 +689,19 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
 D(("user has empty password - access denied"));
 retval = PAM_AUTH_ERR;
 }
- } else if (!p || (*salt == '*')) {
+ } else if (!p || *salt == '*' || *salt == '!') {
 retval = PAM_AUTH_ERR;
 } else {
 if (!strncmp(salt, "$1$", 3)) {
 pp = Goodcrypt_md5(p, salt);
- if (strcmp(pp, salt) != 0) {
+ if (pp && strcmp(pp, salt) != 0) {
 _pam_delete(pp);
 pp = Brokencrypt_md5(p, salt);
 }
 } else if (*salt != '$' && salt_len >= 13) {
 pp = bigcrypt(p, salt);
- if (strlen(pp) > salt_len) {
- pp[salt_len] = '\0';
+ if (pp && salt_len == 13 && strlen(pp) > salt_len) {
+ _pam_overwrite(pp + salt_len);
 }
 } else {
 /*
@@ -715,7 +715,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
 /* the moment of truth -- do we agree with the password? */
 D(("comparing state of pp[%s] and salt[%s]", pp, salt));
- if (strcmp(pp, salt) == 0) {
+ if (pp && strcmp(pp, salt) == 0) {
 retval = PAM_SUCCESS;
 } else {
 retval = PAM_AUTH_ERR; |
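Review bot: The new `salt_len == 13` condition in the bigcrypt branch of the second hunk is the security-relevant part of the change and carries no comment explaining it. As written, the computed hash is cut down to the stored length only when the stored value is exactly 13 characters; for a longer stored value `pp` is left whole and has to match in full, whereas the removed lines truncated `pp` to whatever length the stored string had. I would add above the `if`: `/* truncate only for a 13-char traditional crypt hash; a longer (bigcrypt) stored hash must match in full, never by prefix */`. The enclosing `_unix_verify_password` starts and ends outside the hunk.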
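Review bot: In the third hunk the context line `D(("comparing state of pp[%s] and salt[%s]", pp, salt));` still hands `pp` to `%s` just before the new `pp &&` guard, so the NULL case this commit starts handling reaches the trace unguarded. If `D()` expands to a printf-style call in debug builds (its definition is not visible here), a NULL `pp` there is undefined behaviour; `D(("comparing state of pp[%s] and salt[%s]", pp ? pp : "(null)", salt));` would avoid it. The same trace writes the computed and stored password hashes to the debug output, so it is worth confirming that debug builds are never deployed, or dropping the hash values from the message. The function body continues outside the hunk.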