diff options
| author | Damien Miller <djm@mindrot.org> | 2018-10-10 14:57:00 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2018-10-10 14:57:00 +1100 |
| commit | d1d301a1dd5d6cc3a9ed93ab7ab09dda4cb456e0 (patch) | |
| tree | bd9f6991a1349aac33e657b7525fc64cda12945c | |
| parent | edbb6febccee084d212fdc0cb05b40cb1c646ab1 (diff) | |
in pick_salt() avoid dereference of NULL passwords
Apparently some NIS implementations can leave pw->pw_passwd (or the
shadow equivalent) NULL.
bz#2909; based on patch from Todd Eigenschink
| -rw-r--r-- | openbsd-compat/xcrypt.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c index c9c6283cc..360b187af 100644 --- a/openbsd-compat/xcrypt.c +++ b/openbsd-compat/xcrypt.c | |||
| @@ -82,7 +82,8 @@ pick_salt(void) | |||
| 82 | strlcpy(salt, "xx", sizeof(salt)); | 82 | strlcpy(salt, "xx", sizeof(salt)); |
| 83 | setpwent(); | 83 | setpwent(); |
| 84 | while ((pw = getpwent()) != NULL) { | 84 | while ((pw = getpwent()) != NULL) { |
| 85 | passwd = shadow_pw(pw); | 85 | if ((passwd = shadow_pw(pw)) == NULL) |
| 86 | continue; | ||
| 86 | if (passwd[0] == '$' && (p = strrchr(passwd+1, '$')) != NULL) { | 87 | if (passwd[0] == '$' && (p = strrchr(passwd+1, '$')) != NULL) { |
| 87 | typelen = p - passwd + 1; | 88 | typelen = p - passwd + 1; |
| 88 | strlcpy(salt, passwd, MIN(typelen, sizeof(salt))); | 89 | strlcpy(salt, passwd, MIN(typelen, sizeof(salt))); |