Mercurial > dropbear

diff svr-authpasswd.c @ 58:5edf356295af

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
merge of 3b1edf7489e1de452e30aaaec37d647db44e4328 and 6cdb6b2c0e0e0a600eeb5975e499c9303fe2d4d4
author Matt Johnston <matt@ucc.asn.au>
date Mon, 09 Aug 2004 03:21:20 +0000
parents a48ba599292a
children eee77ac31ccc
line wrap: on
line diff
--- a/svr-authpasswd.c	Fri Aug 06 16:37:59 2004 +0000
+++ b/svr-authpasswd.c	Mon Aug 09 03:21:20 2004 +0000
@@ -50,7 +50,7 @@
 	passwdcrypt = ses.authstate.pw->pw_passwd;
 #ifdef HAVE_SHADOW_H
 	/* get the shadow password if possible */
-	spasswd = getspnam(ses.authstate.pw->pw_name);
+	spasswd = getspnam(ses.authstate.printableuser);
 	if (spasswd != NULL && spasswd->sp_pwdp != NULL) {
 		passwdcrypt = spasswd->sp_pwdp;
 	}
@@ -87,6 +87,8 @@
 
 	/* the first bytes of passwdcrypt are the salt */
 	testcrypt = crypt((char*)password, passwdcrypt);
+	m_burn(password, passwordlen);
+	m_free(password);
 
 	if (strcmp(testcrypt, passwdcrypt) == 0) {
 		/* successful authentication */
@@ -101,8 +103,6 @@
 		send_msg_userauth_failure(0, 1);
 	}
 
-	m_burn(password, passwordlen);
-	m_free(password);
 }
 
 #endif /* DROPBEAR_PASSWORD_AUTH */