2002-01-02 Jeremy Katz <katzj@redhat.com>

* stage2/md5.c (md5_password): Ensure the password exists before
	trying to check against the md5 crypted version.

ChangeLog

@@ -1,3 +1,8 @@
+2002-01-02  Jeremy Katz  <katzj@redhat.com>
+	
+	* stage2/md5.c (md5_password): Ensure the password exists before
+	trying to check against the md5 crypted version.
+
 2001-12-30  Yoshinori K. Okuji  <okuji@gnu.org>
 
 	* stage1/stage1.S: Don't call INT 13, AH=48H, because it is

docs/grub.8

@@ -1,5 +1,5 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.23.
-.TH GRUB "8" "December 2001" "grub (GNU GRUB 0.90)" FSF
+.TH GRUB "8" "January 2002" "grub (GNU GRUB 0.90)" FSF
 .SH NAME
 grub \- the grub shell
 .SH SYNOPSIS

stage2/md5.c

@@ -1,7 +1,7 @@
 /* md5.c - an implementation of the MD5 algorithm and MD5 crypt */
 /*
  *  GRUB  --  GRand Unified Bootloader
- *  Copyright (C) 2000  Free Software Foundation, Inc.
+ *  Copyright (C) 2000, 2001  Free Software Foundation, Inc.
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -215,7 +215,14 @@ md5_password (const char *key, char *crypted, int check)
   unsigned char *digest;
 
   if (check)
-    saltlen = strstr (salt, "$") - salt;
+    {
+      /* If our crypted password isn't 3 chars, then it can't be md5
+	 crypted. So, they don't match.  */
+      if (strlen(crypted) <= 3)
+	return 1;
+      
+      saltlen = strstr (salt, "$") - salt;
+    }
   else
     {
       char *end = strstr (salt, "$");