gregor@cs.vu.nl (Greg Sharp) (04/14/87)
I don't know if this bug has been reported before but, just in case:
At present the passwd program allows you to enter null passwords. If you
replace a non-null password with a null password it corrupts the password
file. It rewrites the file and unfortunately a null password uses less
space in the password file than a non-null password. There is a little
tail at the end.
The safest fix is to disallow null passwords.
In the file passwd.c in the commands directory add the following code
after line 50:
/* this is line 50 */
strcpy (password, getpass("New password: "));
/* new code */
if (password[0] == '\0') {
std_err("password cannot be null\n");
exit(1);
}
gregor@cs.vu.nl