Merge upstream version 1.1.8

1 files changed, 7 insertions, 11 deletions

diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c
index 11b0d6bd..de8b5b1e 100644
--- a/modules/pam_userdb/pam_userdb.c
+++ b/modules/pam_userdb/pam_userdb.c
@@ -145,7 +145,7 @@ _pam_parse (pam_handle_t *pamh, int argc, const char **argv,
  * return values:
  *	 1  = User not found
  *	 0  = OK
- * 	-1  = Password incorrect
+ *	-1  = Password incorrect
  *	-2  = System error
  */
 static int
@@ -214,17 +214,13 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode,
 	  /* crypt(3) password storage */
 
 	  char *cryptpw;
-	  char salt[2];
 
-	  if (data.dsize != 13) {
+	  if (data.dsize < 13) {
 	    compare = -2;
 	  } else if (ctrl & PAM_ICASE_ARG) {
 	    compare = -2;
 	  } else {
-	    salt[0] = *data.dptr;
-	    salt[1] = *(data.dptr + 1);
-
-	    cryptpw = crypt (pass, salt);
+	    cryptpw = crypt (pass, data.dptr);
 
 	    if (cryptpw) {
 	      compare = strncasecmp (data.dptr, cryptpw, data.dsize);
@@ -362,12 +358,12 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
      retval = pam_get_item(pamh, PAM_AUTHTOK, &password);
      if (retval != PAM_SUCCESS || password == NULL) {
         if ((ctrl & PAM_TRY_FPASS_ARG) != 0) {
-    	    /* Converse to obtain a password */
-    	    retval = obtain_authtok(pamh);
-    	    if (retval != PAM_SUCCESS) {
+	    /* Converse to obtain a password */
+	    retval = obtain_authtok(pamh);
+	    if (retval != PAM_SUCCESS) {
 	        pam_syslog(pamh, LOG_ERR, "can not obtain password from user");
 		return retval;
-    	    }
+	    }
 	    retval = pam_get_item(pamh, PAM_AUTHTOK, &password);
 	}
 	if (retval != PAM_SUCCESS || password == NULL) {