diff options
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | auth.c | 4 |
2 files changed, 8 insertions, 3 deletions
@@ -1,3 +1,8 @@ | |||
1 | 20061205 | ||
2 | - (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash would | ||
3 | occur if the server did not have the privsep user and an invalid user | ||
4 | tried to login and both privsep and krb5 auth are disabled; ok dtucker@ | ||
5 | |||
1 | 20061108 | 6 | 20061108 |
2 | - (dtucker) OpenBSD CVS Sync | 7 | - (dtucker) OpenBSD CVS Sync |
3 | - markus@cvs.openbsd.org 2006/11/07 13:02:07 | 8 | - markus@cvs.openbsd.org 2006/11/07 13:02:07 |
@@ -2611,4 +2616,4 @@ | |||
2611 | OpenServer 6 and add osr5bigcrypt support so when someone migrates | 2616 | OpenServer 6 and add osr5bigcrypt support so when someone migrates |
2612 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ | 2617 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ |
2613 | 2618 | ||
2614 | $Id: ChangeLog,v 1.4589 2006/11/07 23:01:36 dtucker Exp $ | 2619 | $Id: ChangeLog,v 1.4590 2006/12/04 22:08:54 djm Exp $ |
@@ -569,8 +569,8 @@ fakepw(void) | |||
569 | fake.pw_passwd = | 569 | fake.pw_passwd = |
570 | "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK"; | 570 | "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK"; |
571 | fake.pw_gecos = "NOUSER"; | 571 | fake.pw_gecos = "NOUSER"; |
572 | fake.pw_uid = privsep_pw->pw_uid; | 572 | fake.pw_uid = privsep_pw == NULL ? (uid_t)-1 : privsep_pw->pw_uid; |
573 | fake.pw_gid = privsep_pw->pw_gid; | 573 | fake.pw_gid = privsep_pw == NULL ? (gid_t)-1 : privsep_pw->pw_gid; |
574 | #ifdef HAVE_PW_CLASS_IN_PASSWD | 574 | #ifdef HAVE_PW_CLASS_IN_PASSWD |
575 | fake.pw_class = ""; | 575 | fake.pw_class = ""; |
576 | #endif | 576 | #endif |