From 584071ef780ad7f4dc7674183f45c0f1641baa80 Mon Sep 17 00:00:00 2001 From: Tobias Stoeckmann Date: Mon, 15 Jan 2024 22:43:32 +0100 Subject: pam_pwhistory: parse opasswd lines verbatim Users may have a hash character in their name, which would be removed. This in turn effectively defeats the purpose of pam_pwhistory for the user. Signed-off-by: Tobias Stoeckmann --- modules/pam_pwhistory/opasswd.c | 20 ++++---------------- 1 file changed, 4 insertions(+), 16 deletions(-) (limited to 'modules/pam_pwhistory')
diff --git a/modules/pam_pwhistory/opasswd.c b/modules/pam_pwhistory/opasswd.c
index 165cf5df..4541d658 100644
--- a/modules/pam_pwhistory/opasswd.c
+++ b/modules/pam_pwhistory/opasswd.c
@@ -169,7 +169,7 @@ check_old_pass, const char *user, const char *newpass, const char *filename, int while (!feof (oldpf)) { - char *cp, *tmp; + char *cp; ssize_t n = getline (&buf, &buflen, oldpf); cp = buf;
@@ -177,16 +177,10 @@ check_old_pass, const char *user, const char *newpass, const char *filename, int if (n < 1) break; - tmp = strchr (cp, '#'); /* remove comments */ - if (tmp) - *tmp = '\0'; - while (isspace ((unsigned char)*cp)) /* remove spaces and tabs */ - ++cp; + cp[strcspn(cp, "\n")] = '\0'; if (*cp == '\0') /* ignore empty lines */ continue; - cp[strcspn(cp, "\n")] = '\0'; - if (strncmp (cp, user, strlen (user)) == 0 && cp[strlen (user)] == ':') {
@@ -359,7 +353,7 @@ save_old_pass, const char *user, int howmany, const char *filename, int debug UN if (!do_create) while (!feof (oldpf)) { - char *cp, *tmp, *save; + char *cp, *save; ssize_t n = getline (&buf, &buflen, oldpf); if (n < 1) 
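Review bot: The new line `cp[strcspn(cp, "\n")] = '\0';` in the `@@ -177,16 +177,10 @@` hunk carries no comment saying that opasswd lines are now matched verbatim, so the reason the `#` and whitespace handling was dropped lives only in the commit message and the stripping could be reintroduced later. I would put `/* Match lines verbatim: '#' and leading blanks are part of the user field. */` above it, here and at the identical change in the `save_old_pass` hunk (`@@ -375,16 +369,10 @@`). A related compatibility point: an entry with leading blanks, which the removed `isspace` loop still let match, no longer matches `user`, and as far as this hunk shows it is skipped silently, so the history check would not apply to that account; that seems worth a line in the module documentation. The loop body continues outside the hunk.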
@@ -375,16 +369,10 @@ save_old_pass, const char *user, int howmany, const char *filename, int debug UN goto error_opasswd; } - tmp = strchr (cp, '#'); /* remove comments */ - if (tmp) - *tmp = '\0'; - while (isspace ((unsigned char)*cp)) /* remove spaces and tabs */ - ++cp; + cp[strcspn(cp, "\n")] = '\0'; if (*cp == '\0') /* ignore empty lines */ goto write_old_data; - cp[strcspn(cp, "\n")] = '\0'; - if (strncmp (cp, user, strlen (user)) == 0 && cp[strlen (user)] == ':') { -- cgit v1.2.3