1 files changed, 55 insertions, 0 deletions

diff --git a/package/busybox/busybox-1.19.2/busybox-1.19.2-chpasswd.patch b/package/busybox/busybox-1.19.2/busybox-1.19.2-chpasswd.patch
new file mode 100644
index 000000000..0cba0e219
--- /dev/null
+++ b/package/busybox/busybox-1.19.2/busybox-1.19.2-chpasswd.patch
@@ -0,0 +1,55 @@
+--- busybox-1.19.2/loginutils/chpasswd.c
++++ busybox-1.19.2-chpasswd/loginutils/chpasswd.c
+@@ -33,9 +33,8 @@ static const char chpasswd_longopts[] AL
+ int chpasswd_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
+ int chpasswd_main(int argc UNUSED_PARAM, char **argv)
+ {
+-	char *name, *pass;
+-	char salt[sizeof("$N$XXXXXXXX")];
+-	int opt, rc;
++	char *name;
++	int opt;
+ 
+ 	if (getuid() != 0)
+ 		bb_error_msg_and_die(bb_msg_perm_denied_are_you_root);
+@@ -45,6 +44,10 @@ int chpasswd_main(int argc UNUSED_PARAM,
+ 	opt = getopt32(argv, "em");
+ 
+ 	while ((name = xmalloc_fgetline(stdin)) != NULL) {
++		char *free_me;
++		char *pass;
++		int rc;
++
+ 		pass = strchr(name, ':');
+ 		if (!pass)
+ 			bb_error_msg_and_die("missing new password");
+@@ -52,7 +55,10 @@ int chpasswd_main(int argc UNUSED_PARAM,
+ 
+ 		xuname2uid(name); /* dies if there is no such user */
+ 
++		free_me = NULL;
+ 		if (!(opt & OPT_ENC)) {
++			char salt[sizeof("$N$XXXXXXXX")];
++
+ 			crypt_make_salt(salt, 1);
+ 			if (opt & OPT_MD5) {
+ 				salt[0] = '$';
+@@ -60,7 +66,7 @@ int chpasswd_main(int argc UNUSED_PARAM,
+ 				salt[2] = '$';
+ 				crypt_make_salt(salt + 3, 4);
+ 			}
+-			pass = pw_encrypt(pass, salt, 0);
++			free_me = pass = pw_encrypt(pass, salt, 0);
+ 		}
+ 
+ 		/* This is rather complex: if user is not found in /etc/shadow,
+@@ -81,8 +87,7 @@ int chpasswd_main(int argc UNUSED_PARAM,
+ 			bb_info_msg("Password for '%s' changed", name);
+ 		logmode = LOGMODE_STDIO;
+ 		free(name);
+-		if (!(opt & OPT_ENC))
+-			free(pass);
++		free(free_me);
+ 	}
+ 	return EXIT_SUCCESS;
+ }