INN commit: trunk/authprogs (ckpasswd.c)
INN Commit
rra at isc.org
Sun Mar 14 03:17:13 UTC 2021
Date: Saturday, March 13, 2021 @ 19:17:12
Author: eagle
Revision: 10545
Avoid segfault in ckpasswd if crypt fails
crypt may fail if the hash type of the password file line
is not supported. Avoid a segfault in this case and return
the correct failure message.
Modified:
trunk/authprogs/ckpasswd.c
------------+
ckpasswd.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
Modified: ckpasswd.c
===================================================================
--- ckpasswd.c 2021-01-29 06:38:49 UTC (rev 10544)
+++ ckpasswd.c 2021-03-14 03:17:12 UTC (rev 10545)
@@ -315,6 +315,7 @@
enum authtype { AUTH_NONE, AUTH_SHADOW, AUTH_FILE, AUTH_DBM };
int opt;
+ const char *hash;
enum authtype type = AUTH_NONE;
bool wantgroup = false;
const char *filename = NULL;
@@ -409,7 +410,8 @@
if (password == NULL)
die("user %s unknown", authinfo->username);
- if (strcmp(password, crypt(authinfo->password, password)) != 0)
+ hash = crypt(authinfo->password, password);
+ if (hash == NULL || strcmp(password, hash) != 0)
die("invalid password for user %s", authinfo->username);
/* The password matched. */
More information about the inn-committers
mailing list