From edcd6ce3a097c9b813909186dcb4accc35e604ef Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Tue, 7 Apr 2015 10:52:16 +0200
Subject: Use crypt_r if available in pam_userdb and in pam_unix.

* modules/pam_unix/passverify.c (create_password_hash): Call crypt_r()
instead of crypt() if available.
* modules/pam_userdb/pam_userdb.c (user_lookup): Call crypt_r()
instead of crypt() if available.
---
 modules/pam_userdb/pam_userdb.c | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

(limited to 'modules/pam_userdb/pam_userdb.c')

diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c
index ba36ebf2..8df1a40c 100644
--- a/modules/pam_userdb/pam_userdb.c
+++ b/modules/pam_userdb/pam_userdb.c
@@ -213,15 +213,23 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode,
 
 	  /* crypt(3) password storage */
 
-	  char *cryptpw;
+	  char *cryptpw = NULL;
 
 	  if (data.dsize < 13) {
 	    compare = -2;
 	  } else if (ctrl & PAM_ICASE_ARG) {
 	    compare = -2;
 	  } else {
+#ifdef HAVE_CRYPT_R
+	    struct crypt_data *cdata = NULL;
+	    cdata = malloc(sizeof(*cdata));
+	    if (cdata != NULL) {
+		cdata->initialized = 0;
+		cryptpw = crypt_r(pass, data.dptr, cdata);
+	    }
+#else
 	    cryptpw = crypt (pass, data.dptr);
-
+#endif
 	    if (cryptpw && strlen(cryptpw) == (size_t)data.dsize) {
 	      compare = memcmp(data.dptr, cryptpw, data.dsize);
 	    } else {
@@ -232,9 +240,11 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode,
 		else
 		  pam_syslog(pamh, LOG_INFO, "crypt() returned NULL");
 	      }
-	    };
-
-	  };
+	    }
+#ifdef HAVE_CRYPT_R
+	    free(cdata);
+#endif
+	  }
 
 	} else {
 
-- 
cgit v1.2.3