From b4abb0213644abfa7bc98c7f6c67f662003fd10b Mon Sep 17 00:00:00 2001
From: Jamie Cameron <jcameron@webmin.com>
Date: Mon, 16 Nov 2009 21:41:40 -0800
Subject: [PATCH] Don't use an invalid salt when encrypting password

---
 useradmin/md5-lib.pl  | 11 ++++++++++-
 useradmin/user-lib.pl |  4 ++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/useradmin/md5-lib.pl b/useradmin/md5-lib.pl
index 7df0812be..7b1a63923 100755
--- a/useradmin/md5-lib.pl
+++ b/useradmin/md5-lib.pl
@@ -24,12 +24,17 @@ return undef;
 sub encrypt_md5
 {
 local $passwd = $_[0];
+local $salt = $_[1];
 local $magic = '$1$';
-local $salt = $_[1] || substr(time(), -8);
 if ($salt =~ /^\$1\$([^\$]+)/) {
 	# Extract actual salt from already encrypted password
 	$salt = $1;
 	}
+if ($salt !~ /^[a-z0-9\/]{8}$/i) {
+	# Non-MD5 salt
+	$salt = undef;
+	}
+$salt ||= substr(time(), -8);
 
 # Use built-in crypt support for MD5, if we can
 if (&unix_crypt_supports_md5()) {
@@ -162,6 +167,10 @@ sub encrypt_blowfish
 local ($passwd, $salt) = @_;
 local ($plain, $base64);
 eval "use Crypt::Eksblowfish::Bcrypt";
+if ($salt !~ /^\$2a\$/) {
+	# Invalid salt for Blowfish
+	$salt = undef;
+	}
 if (!$salt) {
 	# Generate a 22-character base-64 format salt
 	&seed_random();
diff --git a/useradmin/user-lib.pl b/useradmin/user-lib.pl
index 6e47b82fb..4911d63ff 100755
--- a/useradmin/user-lib.pl
+++ b/useradmin/user-lib.pl
@@ -1796,6 +1796,10 @@ elsif ($format == 2) {
 	}
 else {
 	# Just do old-style crypt() DES encryption
+	if ($salt !~ /^[a-z0-9]{2}/i) {
+		# Un-usable non-DES salt
+		$salt = undef;
+		}
 	$salt ||= chr(int(rand(26))+65) . chr(int(rand(26))+65);
 	return &unix_crypt($pass, $salt);
 	}