disallow null passwords (geez I fixed this long ago, where'd it go?)

SCCS-vsn: libexec/ftpd/ftpd.c 4.28

diff --git a/usr/src/libexec/ftpd/ftpd.c b/usr/src/libexec/ftpd/ftpd.c
index d9ef402..4f1dbe8 100644 (file)
--- a/usr/src/libexec/ftpd/ftpd.c
+++ b/usr/src/libexec/ftpd/ftpd.c
@@ -1,5 +1,5 @@
 #ifndef lint
 #ifndef lint

-static char sccsid[] = "@(#)ftpd.c     4.27 (Berkeley) %G%";
+static char sccsid[] = "@(#)ftpd.c     4.28 (Berkeley) %G%";

 #endif
 
 /*
 #endif
 
 /*


@@ -221,7 +221,7 @@ pass(passwd)
        }
        if (!guest) {           /* "ftp" is only account allowed no password */
                xpasswd = crypt(passwd, pw->pw_passwd);
        }
        if (!guest) {           /* "ftp" is only account allowed no password */
                xpasswd = crypt(passwd, pw->pw_passwd);

-               if (strcmp(xpasswd, pw->pw_passwd) != 0) {
+               if (*pw->pw_passwd == '\0' || strcmp(xpasswd, pw->pw_passwd)) {

                        reply(530, "Login incorrect.");
                        pw = NULL;
                        return;
                        reply(530, "Login incorrect.");
                        pw = NULL;
                        return;