Do not expose password if it is empty and PWF_STANDARD format is requested

[pw-darwin.git] / pw / pwupd.c

diff --git a/pw/pwupd.c b/pw/pwupd.c
index fef3662667e96d9d48ffd6af2461b9187b21e7c7..84226a90b300b73df246057583e899f485edb68f 100644 (file)
--- a/pw/pwupd.c
+++ b/pw/pwupd.c
@@ -111,7 +111,8 @@ fmtpwentry(char *buf, struct passwd * pwd, int type)
        int             l;
        char           *pw;
 
-       pw = (pwd->pw_passwd == NULL || !*pwd->pw_passwd) ? "" : (type == PWF_MASTER) ? pwd->pw_passwd : "*";
+       pw = (type == PWF_MASTER) ?
+           ((pwd->pw_passwd == NULL) ? "" : pwd->pw_passwd) : "*";
 
        if (type == PWF_PASSWD)
                l = sprintf(buf, "%s:*:%ld:%ld:%s:%s:%s\n",
@@ -166,6 +167,8 @@ pw_update(struct passwd * pwd, char const * user, int mode)
                else
                        fmtpwentry(pwbuf, pwd, PWF_PASSWD);
 
+               if (l < 0)
+                       l = 0;
                rc = fileupdate(getpwpath(_PASSWD), 0644, pwbuf, pfx, l, mode);
                if (rc == 0) {
 
@@ -174,7 +177,7 @@ pw_update(struct passwd * pwd, char const * user, int mode)
                         */
                        if (pwd != NULL)
                                fmtpwentry(pwbuf, pwd, PWF_MASTER);
-                       rc = fileupdate(getpwpath(_MASTERPASSWD), 0644, pwbuf, pfx, l, mode);
+                       rc = fileupdate(getpwpath(_MASTERPASSWD), 0600, pwbuf, pfx, l, mode);
                        if (rc == 0) {
 #ifdef HAVE_PWDB_U
                                if (mode == UPD_DELETE || isrename)