From 791976490b7c8838ccd847e30e9348c2c72b5e88 Mon Sep 17 00:00:00 2001
From: Ned Ludd <solar@gentoo.org>
Date: Fri, 21 Apr 2006 00:40:35 +0000
Subject: [PATCH] - passwd doesnt use salt with md5 passwords; bug #604 thanks
 taviso

---
 loginutils/passwd.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/loginutils/passwd.c b/loginutils/passwd.c
index 611ced3..a1ad02b 100644
--- a/loginutils/passwd.c
+++ b/loginutils/passwd.c
@@ -322,6 +322,7 @@ static int new_password(const struct passwd *pw, int amroot, int algo)
 	char *clear;
 	char *cipher;
 	char *cp;
+	char salt[12]; /* "$N$XXXXXXXX" or "XX" */
 	char orig[200];
 	char pass[200];
 
@@ -376,11 +377,18 @@ static int new_password(const struct passwd *pw, int amroot, int algo)
 	}
 	memset(cp, 0, strlen(cp));
 	memset(orig, 0, sizeof(orig));
+	memset(salt, 0, sizeof(salt));
 
 	if (algo == 1) {
-		cp = pw_encrypt(pass, "$1$");
-	} else
-		cp = pw_encrypt(pass, crypt_make_salt());
+		strcpy(salt, "$1$");
+		strcat(salt, crypt_make_salt());
+		strcat(salt, crypt_make_salt());
+		strcat(salt, crypt_make_salt());
+	}
+
+	strcat(salt, crypt_make_salt());
+	cp = pw_encrypt(pass, salt);
+
 	memset(pass, 0, sizeof pass);
 	safe_strncpy(crypt_passwd, cp, sizeof(crypt_passwd));
 	return 0;
-- 
2.7.4