multiuser_utils: Fixed verifying empty password.

* verify_password() would accept all passwords if the there was none set, instead of accepting only an empty password.
2015-06-25 17:47:27 +02:00 · 2015-06-25 17:47:27 +02:00 · cb82874e92
commit cb82874e92
parent e0fc09b439
1 changed files with 6 additions and 2 deletions
--- a/src/bin/multiuser/multiuser_utils.cpp
+++ b/src/bin/multiuser/multiuser_utils.cpp
@ -103,8 +103,12 @@ verify_password(passwd* passwd, spwd* spwd, const char* plainPassword)
 	}

 	// If no password is required, we're done.
-	if (requiredPassword == NULL || strlen(requiredPassword) == 0)
-		return true;
+	if (requiredPassword == NULL || requiredPassword[0] == '\0') {
+		if (plainPassword == NULL || plainPassword[0] == '\0')
+			return true;
+
+		return false;
+	}

 	// crypt and check it
 	char* encryptedPassword = crypt(plainPassword, requiredPassword);