Remove some more of the crypt() calls in login_chpass.
Index: login_chpass/Makefile =================================================================== RCS file: /cvs/src/libexec/login_chpass/Makefile,v retrieving revision 1.7 diff -u -p -r1.7 Makefile --- login_chpass/Makefile 22 Apr 2014 10:21:56 -0000 1.7 +++ login_chpass/Makefile 14 Oct 2015 19:39:03 -0000 @@ -13,7 +13,7 @@ CFLAGS+=-Wall .if (${YP:L} == "yes") CFLAGS+=-DYP -SRCS+= yp_passwd.c pwd_check.c pwd_gensalt.c +SRCS+= yp_passwd.c pwd_check.c DPADD+= ${LIBRPCSVC} ${LIBUTIL} LDADD+= -lrpcsvc -lutil .endif Index: login_chpass/login_chpass.c =================================================================== RCS file: /cvs/src/libexec/login_chpass/login_chpass.c,v retrieving revision 1.16 diff -u -p -r1.16 login_chpass.c --- login_chpass/login_chpass.c 4 Dec 2012 02:24:47 -0000 1.16 +++ login_chpass/login_chpass.c 14 Oct 2015 19:38:31 -0000 @@ -199,16 +199,11 @@ yp_chpass(char *username) } } if (pw == NULL) { - char *p, salt[_PASSWORD_LEN + 1]; - login_cap_t *lc; - - /* no such user, get appropriate salt to thwart timing attack */ + char *p; + /* no such user, but fake to thwart timing attack */ if ((p = getpass("Old password:")) != NULL) { - if ((lc = login_getclass(NULL)) == NULL || - pwd_gensalt(salt, sizeof(salt), lc, 'y') == 0) - strlcpy(salt, "xx", sizeof(salt)); - crypt(p, salt); - memset(p, 0, strlen(p)); + crypt_checkpass(p, NULL); + explicit_bzero(p, strlen(p)); } warnx("YP passwd database unchanged."); exit(1); Index: login_lchpass/Makefile =================================================================== RCS file: /cvs/src/libexec/login_lchpass/Makefile,v retrieving revision 1.3 diff -u -p -r1.3 Makefile --- login_lchpass/Makefile 19 Jun 2001 16:38:21 -0000 1.3 +++ login_lchpass/Makefile 14 Oct 2015 19:39:16 -0000 @@ -3,7 +3,7 @@ # BSDI $From: Makefile,v 1.2 1997/08/08 18:58:22 prb Exp $ PROG= login_lchpass -SRCS= login_lchpass.c local_passwd.c pwd_check.c pwd_gensalt.c +SRCS= login_lchpass.c local_passwd.c pwd_check.c MAN= login_lchpass.8 .PATH: ${.CURDIR}/../../usr.bin/passwd Index: login_lchpass/login_lchpass.c =================================================================== RCS file: /cvs/src/libexec/login_lchpass/login_lchpass.c,v retrieving revision 1.14 diff -u -p -r1.14 login_lchpass.c --- login_lchpass/login_lchpass.c 4 Dec 2012 02:24:47 -0000 1.14 +++ login_lchpass/login_lchpass.c 14 Oct 2015 19:39:33 -0000 @@ -63,7 +63,7 @@ main(int argc, char *argv[]) login_cap_t *lc; struct iovec iov[2]; struct passwd *pwd; - char *username = NULL, *salt, *p, saltbuf[_PASSWORD_LEN + 1]; + char *username = NULL, *hash = NULL, *p; struct rlimit rl; int c; @@ -119,15 +119,7 @@ main(int argc, char *argv[]) } if (pwd) - salt = pwd->pw_passwd; - else { - /* no such user, get appropriate salt */ - if ((lc = login_getclass(NULL)) == NULL || - pwd_gensalt(saltbuf, sizeof(saltbuf), lc, 'l') == 0) - salt = "xx"; - else - salt = saltbuf; - } + hash = pwd->pw_passwd; (void)setpriority(PRIO_PROCESS, 0, -4); @@ -135,10 +127,11 @@ main(int argc, char *argv[]) if ((p = getpass("Old Password:")) == NULL) exit(1); - salt = crypt(p, salt); - memset(p, 0, strlen(p)); - if (!pwd || strcmp(salt, pwd->pw_passwd) != 0) + if (crypt_checkpass(p, hash) != 0) { + explicit_bzero(p, strlen(p)); exit(1); + } + explicit_bzero(p, strlen(p)); /* * We rely on local_passwd() to block signals during the