authorTodd C. Miller <Todd.Miller@courtesan.com>2015-02-19 14:18:13 -0700
committerTodd C. Miller <Todd.Miller@courtesan.com>2015-02-19 14:18:13 -0700
commit5df79ffe4c37071ef71107879f1696aab6659e56 (patch)
tree78bc192c044d8007c067b8ac0446694d0e0508a0
parent8332e9244fea29a89d509b046c3d7102add90388 (diff)
Historically, crypt() returned the empty string on error, which
ensured that crypt("", "") would return "", which supported matching empty encrypted passwords with no additional code. Some modern versions of crypt() (such as glibc) return NULL on error, so we need an explicit test to match an empty plaintext password against an empty encrypted password.
-rw-r--r--auth/passwd.c5
-rw-r--r--auth/secureware.c4
2 files changed, 8 insertions, 1 deletions
diff --git a/auth/passwd.c b/auth/passwd.c
index bea1ac051..36a438cbb 100644
--- a/auth/passwd.c
+++ b/auth/passwd.c
@@ -75,7 +75,9 @@ passwd_verify(pw, pass, auth)
size_t pw_len;
int matched = 0;
- pw_len = strlen(pw_epasswd);
+ /* An empty plain-text password must match an empty encrypted password. */
+ if (pass[0] == '\0')
+ return pw_epasswd[0] ? AUTH_FAILURE : AUTH_SUCCESS;
#ifdef HAVE_GETAUTHUID
/* Ultrix shadow passwords may use crypt16() */
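Review bot: The new comment on the early return says what the check does but not why it is now needed, and the reason (from the commit message) is not obvious to a reader of passwd_verify alone; I would expand it to `/* Older crypt() returned "" on error so crypt("", "") matched an empty encrypted password; glibc's crypt() returns NULL instead, so test for it explicitly. */`. The same comment is duplicated verbatim in auth/secureware.c and would benefit from the same wording, or from a single shared helper both verify functions call so the empty-password policy lives in one place. Note that this return grants AUTH_SUCCESS whenever the stored field is empty, which matches the historical behaviour but is worth stating in the comment since it is the one path where no hash comparison happens. passwd_verify's body continues outside the hunk.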
@@ -89,6 +91,7 @@ passwd_verify(pw, pass, auth)
* If this turns out not to be safe we will have to use OS #ifdef's (sigh).
*/
sav = pass[8];
+ pw_len = strlen(pw_epasswd);
if (pw_len == DESLEN || HAS_AGEINFO(pw_epasswd, pw_len))
pass[8] = '\0';
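Review bot: Moving `pw_len = strlen(pw_epasswd);` from the top of passwd_verify down to just before the DESLEN check means pw_len is uninitialized for the stretch in between, including the HAVE_GETAUTHUID block in the previous hunk; if any code in that stretch reads pw_len it would now be undefined behaviour, so this is worth confirming against the full function (the hunk does not show it). If nothing in between uses it, the move is fine, but a brief comment such as `/* Length is only needed from here on (DES truncation and age-info handling). */` would make the intent clear to the next reader. The enclosing function continues past this hunk.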
diff --git a/auth/secureware.c b/auth/secureware.c
index bf9aa7720..4296d646f 100644
--- a/auth/secureware.c
+++ b/auth/secureware.c
@@ -80,6 +80,10 @@ secureware_verify(pw, pass, auth)
#ifdef __alpha
extern int crypt_type;
+ /* An empty plain-text password must match an empty encrypted password. */
+ if (pass[0] == '\0')
+ return pw_epasswd[0] ? AUTH_FAILURE : AUTH_SUCCESS;
+
# ifdef HAVE_DISPCRYPT
epass = dispcrypt(pass, pw_epasswd, crypt_type);
# else
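Review bot: The added empty-password check sits inside the `#ifdef __alpha` block, after the `extern int crypt_type;` declaration, so if secureware_verify has a non-alpha branch (an `#else` for `#ifdef __alpha` further down, which this hunk does not show) that path never gets the check and still relies on the crypt-style function's error return. Since only a declaration precedes it, the check can be hoisted above `#ifdef __alpha` so it applies to every build, e.g. placing `if (pass[0] == '\0') return pw_epasswd[0] ? AUTH_FAILURE : AUTH_SUCCESS;` directly before the `#ifdef`. The enclosing function continues outside the hunk.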