Index: ChangeLog
===================================================================
RCS file: /cvsroot/grub/grub/ChangeLog,v
retrieving revision 1.452
diff -u -u -r1.452 ChangeLog
--- ChangeLog	30 Dec 2001 08:23:16 -0000	1.452
+++ ChangeLog	2 Jan 2002 17:08:22 -0000
@@ -1,3 +1,8 @@
+2002-01-02  Jeremy Katz  <address@hidden>
+ 
+ 	* stage2/md5.c (md5_password): ensure the password exists before
+ 	trying to check against the md5 crypted version
+ 
 2001-12-30  Yoshinori K. Okuji  <address@hidden>
 
 	* stage1/stage1.S: Don't call INT 13, AH=48H, because it is
Index: stage2/md5.c
===================================================================
RCS file: /cvsroot/grub/grub/stage2/md5.c,v
retrieving revision 1.2
diff -u -u -r1.2 md5.c
--- stage2/md5.c	21 Oct 2000 00:13:55 -0000	1.2
+++ stage2/md5.c	2 Jan 2002 17:08:22 -0000
@@ -214,8 +214,14 @@
   unsigned char alt_result[16];
   unsigned char *digest;
 
-  if (check)
+  if (check) 
+    {
+    /* if our crypted password isn't 3 chars, then it can't be md5
+       crypted.  so, they don't match */
+    if (strlen(crypted) <= 3)
+      return 1;
     saltlen = strstr (salt, "$") - salt;
+    }
   else
     {
       char *end = strstr (salt, "$");