Check both MD5 and crypt formats when checking old password
authorJamie Cameron <jcameron@webmin.com>
Sun, 23 Aug 2009 23:03:26 +0000 (16:03 -0700)
committerJamie Cameron <jcameron@webmin.com>
Sun, 23 Aug 2009 23:03:26 +0000 (16:03 -0700)
passwd/save_passwd.cgi

index 6b1c951..b3b4cc1 100755 (executable)
@@ -60,7 +60,17 @@ else {
                # Validate inputs
                if ($access{'old'} == 1 ||
                    $access{'old'} == 2 && $user->{'user'} ne $remote_user) {
-                       &unix_crypt($in{'old'}, $user->{'pass'}) eq $user->{'pass'} ||
+                       $chash = undef;
+                       eval {
+                               # May fail if crypt is broken
+                               local $main::error_must_die = 1;
+                               $chash = &unix_crypt($in{'old'},
+                                                    $user->{'pass'});
+                               };
+                       $md5hash = &useradmin::encrypt_password(
+                                          $in{'old'}, $user->{'pass'});
+                       $chash eq $user->{'pass'} ||
+                          $md5hash eq $user->{'pass'} ||
                                &error($text{'passwd_eold'});
                        }
                if ($access{'repeat'}) {
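Review bot: The new comparison on the `$chash eq $user->{'pass'}` / `$md5hash eq $user->{'pass'}` lines accepts any old password whenever the stored hash is an empty string, because an undefined `$chash` (the eval having failed) stringifies to `''` and compares equal to it, and the same holds for `$md5hash` if encrypt_password yields an empty or undefined value for a hash format it does not recognise (not visible here, so treat as something to confirm). The removed line did not have this property, since a crypt of the supplied password is compared, not a possibly-empty value. Guarding on a non-empty stored hash and a defined crypt result closes it: `$user->{'pass'} ne '' &&`, `   (defined($chash) && $chash eq $user->{'pass'} ||`, `    $md5hash eq $user->{'pass'}) ||`. The eval also discards `$@` silently; a `# crypt failure is treated as a mismatch, not an error` comment above it would record that this is intentional. The enclosing `else` block and the `if ($access{'old'} ...)` test it belongs to begin outside the hunk.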