fix(users): harden password hash handling in ModifyPasswd

Validate password crypt hashes before invoking chpasswd to reject
invalid characters and malformed input per crypt(5).

Also improve process isolation and sensitive data handling by clearing
the child environment, switching to an explicit stdin pipe flow, and
zeroing the temporary password buffer after use.

Additionally, avoid exposing detailed backend errors to callers to
reduce information disclosure risks.

Signed-off-by: ComixHe <heyuming@deepin.org>

Author: ComixHe

accounts1/users/prop.go

@@ -157,25 +157,77 @@ func ModifyShell(shell, username string) error {
 	return doAction(userCmdModify, []string{"-s", shell, username})
 }
 
+// from: https://manpages.debian.org/unstable/libcrypt-dev/crypt.5.en.html
+func IsValidCryptHash(hash string) bool {
+	if hash == "" {
+		return false
+	}
+
+	for i := 0; i < len(hash); i++ {
+		b := hash[i]
+
+		if b < 32 || b > 126 {
+			return false
+		}
+
+		switch b {
+		case ' ', ':', ';', '*', '!', '\\':
+			return false
+		}
+	}
+
+	return true
+}
+
 func ModifyPasswd(words, username string) error {
-	if len(words) == 0 {
+	if words == "" || username == "" {
 		return errInvalidParam
 	}
 	// 防止命令注入
 	if strings.ContainsAny(words, "\n\r") || strings.ContainsAny(username, "\n\r:") {
 		return errInvalidParam
 	}
 
+	if !IsValidCryptHash(words) {
+		return errors.New("invalid password hash")
+	}
+
 	cmd := exec.Command(pwdCmdModify, "-e")
-	input := fmt.Sprintf("%s:%s\n", username, words)
-	cmd.Stdin = bytes.NewBufferString(input)
+	cmd.Env = []string{}
+
+	stdin, err := cmd.StdinPipe()
+	if err != nil {
+		return fmt.Errorf("failed to create stdin pipe: %w", err)
+	}
 
 	var stderr bytes.Buffer
 	cmd.Stderr = &stderr
 
-	err := cmd.Run()
-	if err != nil {
-		return fmt.Errorf("failed to modify password: %v, %s", err, stderr.String())
+	if err := cmd.Start(); err != nil {
+		return fmt.Errorf("failed to start command: %w", err)
+	}
+
+	// Write the password hash to stdin
+	input := []byte(username + ":" + words + "\n")
+	_, writeErr := stdin.Write(input)
+	for i := range input {
+		input[i] = 0
+	}
+
+	if len(input) > 0 && input[0] != 0 {
+		_ = input[0] // forbid DCE and ensure input is zeroed out
+	}
+
+	stdin.Close()
+
+	if writeErr != nil {
+		_ = cmd.Process.Kill()
+		return fmt.Errorf("failed to write to stdin: %w", writeErr)
+	}
+
+	if err := cmd.Wait(); err != nil {
+
+		return errors.New("failed to update system password configuration")
 	}
 
 	return nil