From 1ef134942c0dd78a8088e469f2952efe1892b1f1 Mon Sep 17 00:00:00 2001
From: Leigh B Stoller <stoller@flux.utah.edu>
Date: Wed, 16 Mar 2016 10:10:55 -0600
Subject: [PATCH] Fix taint check in old password.

---
 account/mkusercert.in | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/account/mkusercert.in b/account/mkusercert.in
index ab7138e530..420ad94ccf 100755
--- a/account/mkusercert.in
+++ b/account/mkusercert.in
@@ -207,7 +207,10 @@ if (defined($options{"c"}) || defined($options{"C"})) {
     if (defined($options{"c"})) {
 	$old_password = $options{"c"};
     }
-    elsif ($target_user->SSLPassPhrase(1, \$old_password) == 0) {
+    elsif ($target_user->SSLPassPhrase(1, \$old_password)) {
+	$old_password = undef;
+    }
+    if (defined($old_password)) {
 	#
 	# Make sure its all escaped since any printable char is allowed.
 	#
-- 
GitLab