--- embedaddon/sudo/plugins/sudoers/auth/passwd.c 2012/02/21 16:23:02 1.1
+++ embedaddon/sudo/plugins/sudoers/auth/passwd.c 2013/10/14 07:56:35 1.1.1.4
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999-2005, 2010-2011 Todd C. Miller
+ * Copyright (c) 1999-2005, 2010-2013 Todd C. Miller
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
@@ -21,7 +21,6 @@
 #include
 #include
-#include
 #include
 #ifdef STDC_HEADERS
 # include
@@ -49,33 +48,36 @@
 #define HAS_AGEINFO(p, l) (l == 18 && p[DESLEN] == ',')
 int
-passwd_init(struct passwd *pw, sudo_auth *auth)
+sudo_passwd_init(struct passwd *pw, sudo_auth *auth)
 {
+ debug_decl(sudo_passwd_init, SUDO_DEBUG_AUTH)
+
 #ifdef HAVE_SKEYACCESS
 if (skeyaccess(pw, user_tty, NULL, NULL) == 0)
- return AUTH_FAILURE;
+ debug_return_int(AUTH_FAILURE);
 #endif
 sudo_setspent();
 auth->data = sudo_getepw(pw);
 sudo_endspent();
- return AUTH_SUCCESS;
+ debug_return_int(AUTH_SUCCESS);
 }
 int
-passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth)
+sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth)
 {
 char sav, *epass;
 char *pw_epasswd = auth->data;
 size_t pw_len;
- int error;
+ int matched = 0;
+ debug_decl(sudo_passwd_verify, SUDO_DEBUG_AUTH)
 pw_len = strlen(pw_epasswd);
 #ifdef HAVE_GETAUTHUID
 /* Ultrix shadow passwords may use crypt16() */
- error = strcmp(pw_epasswd, (char *) crypt16(pass, pw_epasswd));
- if (!error)
- return AUTH_SUCCESS;
+ epass = (char *) crypt16(pass, pw_epasswd);
+ if (epass != NULL && strcmp(pw_epasswd, epass) == 0)
+ debug_return_int(AUTH_SUCCESS);
 #endif /* HAVE_GETAUTHUID */
 /*
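Review bot: `sudo_passwd_verify` still runs `pw_len = strlen(pw_epasswd);` on `auth->data` with no NULL check, even though this commit adds NULL checks on the crypt16() result a few lines below and on crypt() in the next hunk. `sudo_passwd_cleanup` later in the patch does test `pw_epasswd != NULL`, so the file itself treats an unset `auth->data` as possible; whether `sudo_getepw()` can actually return NULL is not visible here, so this may be unreachable. A guard placed after `debug_decl` and before the `strlen` call would make the authentication path fail closed instead of dereferencing a null pointer: `if (pw_epasswd == NULL) debug_return_int(AUTH_FAILURE);`. The body of `sudo_passwd_verify` continues past the end of this hunk.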
@@ -93,24 +95,27 @@ passwd_verify(struct passwd *pw, char *pass, sudo_auth
 */
 epass = (char *) crypt(pass, pw_epasswd);
 pass[8] = sav;
- if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)
- error = strncmp(pw_epasswd, epass, DESLEN);
- else
- error = strcmp(pw_epasswd, epass);
+ if (epass != NULL) {
+ if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)
+ matched = !strncmp(pw_epasswd, epass, DESLEN);
+ else
+ matched = !strcmp(pw_epasswd, epass);
+ }
- return error ? AUTH_FAILURE : AUTH_SUCCESS;
+ debug_return_int(matched ? AUTH_SUCCESS : AUTH_FAILURE);
 }
 int
-passwd_cleanup(pw, auth)
+sudo_passwd_cleanup(pw, auth)
 struct passwd *pw;
 sudo_auth *auth;
 {
 char *pw_epasswd = auth->data;
+ debug_decl(sudo_passwd_cleanup, SUDO_DEBUG_AUTH)
 if (pw_epasswd != NULL) {
- zero_bytes(pw_epasswd, strlen(pw_epasswd));
+ memset_s(pw_epasswd, SUDO_CONV_REPL_MAX, 0, strlen(pw_epasswd));
 efree(pw_epasswd);
 }
- return AUTH_SUCCESS;
+ debug_return_int(AUTH_SUCCESS);
 }
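Review bot: In `sudo_passwd_cleanup`, `memset_s(pw_epasswd, SUDO_CONV_REPL_MAX, 0, strlen(pw_epasswd))` bounds the clear with what looks, by its name, like a conversation-reply limit rather than the size of the string being cleared, and it ignores the return value. Under the C11 Annex K contract a count larger than `smax` is a constraint violation: at most `smax` bytes are cleared and the failure is reported only through the return value, so a longer encrypted password would be freed partly intact without anything noticing. Taking the length once and using it for both arguments ties the bound to the buffer itself: `size_t len = strlen(pw_epasswd);` followed by `memset_s(pw_epasswd, len, 0, len);`. A short comment there, such as `/* scrub the stored hash before releasing it */`, would also record why the clear must not be replaced by a plain memset.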