diff options
| -rw-r--r-- | ChangeLog | 7 | ||||
| -rw-r--r-- | auth.c | 4 |
2 files changed, 8 insertions, 3 deletions
| @@ -1,3 +1,8 @@ | |||
| 1 | 20061205 | ||
| 2 | - (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash would | ||
| 3 | occur if the server did not have the privsep user and an invalid user | ||
| 4 | tried to login and both privsep and krb5 auth are disabled; ok dtucker@ | ||
| 5 | |||
| 1 | 20061108 | 6 | 20061108 |
| 2 | - (dtucker) OpenBSD CVS Sync | 7 | - (dtucker) OpenBSD CVS Sync |
| 3 | - markus@cvs.openbsd.org 2006/11/07 13:02:07 | 8 | - markus@cvs.openbsd.org 2006/11/07 13:02:07 |
| @@ -2611,4 +2616,4 @@ | |||
| 2611 | OpenServer 6 and add osr5bigcrypt support so when someone migrates | 2616 | OpenServer 6 and add osr5bigcrypt support so when someone migrates |
| 2612 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ | 2617 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ |
| 2613 | 2618 | ||
| 2614 | $Id: ChangeLog,v 1.4589 2006/11/07 23:01:36 dtucker Exp $ | 2619 | $Id: ChangeLog,v 1.4590 2006/12/04 22:08:54 djm Exp $ |
| @@ -569,8 +569,8 @@ fakepw(void) | |||
| 569 | fake.pw_passwd = | 569 | fake.pw_passwd = |
| 570 | "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK"; | 570 | "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK"; |
| 571 | fake.pw_gecos = "NOUSER"; | 571 | fake.pw_gecos = "NOUSER"; |
| 572 | fake.pw_uid = privsep_pw->pw_uid; | 572 | fake.pw_uid = privsep_pw == NULL ? (uid_t)-1 : privsep_pw->pw_uid; |
| 573 | fake.pw_gid = privsep_pw->pw_gid; | 573 | fake.pw_gid = privsep_pw == NULL ? (gid_t)-1 : privsep_pw->pw_gid; |
| 574 | #ifdef HAVE_PW_CLASS_IN_PASSWD | 574 | #ifdef HAVE_PW_CLASS_IN_PASSWD |
| 575 | fake.pw_class = ""; | 575 | fake.pw_class = ""; |
| 576 | #endif | 576 | #endif |