author | kevlo <kevlo@FreeBSD.org> | 2012-02-22 06:27:20 +0000 |
---|---|---|
committer | kevlo <kevlo@FreeBSD.org> | 2012-02-22 06:27:20 +0000 |
commit | 1381e63d6caac1d5d064b60f6e2cb11bf0608e14 (patch) | |
tree | 456afe25d5d911e27dc003830e6ca01ed80dab54 /usr.sbin | |
parent | 749a5f142f69ff02971e21c6dca8eab3f65d8de9 (diff) | |
Handle NULL return from crypt(3). Mostly from DragonFly
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/ppp/auth.c | 4 | ||||
-rw-r--r-- | usr.sbin/pw/pw_user.c | 6 | ||||
-rw-r--r-- | usr.sbin/rpc.yppasswdd/yppasswdd_server.c | 5 |
3 files changed, 11 insertions, 4 deletions
diff --git a/usr.sbin/ppp/auth.c b/usr.sbin/ppp/auth.c index 66a3de7..fbfc929 100644 --- a/usr.sbin/ppp/auth.c +++ b/usr.sbin/ppp/auth.c @@ -126,9 +126,11 @@ auth_CheckPasswd(const char *name, const char *data, const char *key) /* Then look up the real password database */ struct passwd *pw; int result; + char *cryptpw; + cryptpw = crypt(key, pw->pw_passwd); result = (pw = getpwnam(name)) && - !strcmp(crypt(key, pw->pw_passwd), pw->pw_passwd); + (cryptpw == NULL || !strcmp(cryptpw, pw->pw_passwd)); endpwent(); return result; #else /* !NOPAM */ diff --git a/usr.sbin/pw/pw_user.c b/usr.sbin/pw/pw_user.c index 0001a41..b59789c 100644 --- a/usr.sbin/pw/pw_user.c +++ b/usr.sbin/pw/pw_user.c @@ -1028,6 +1028,7 @@ pw_pwcrypt(char *password) { int i; char salt[SALTSIZE + 1]; + char *cryptpw; static char buf[256]; @@ -1038,7 +1039,10 @@ pw_pwcrypt(char *password) salt[i] = chars[arc4random_uniform(sizeof(chars) - 1)]; salt[SALTSIZE] = '\0'; - return strcpy(buf, crypt(password, salt)); + cryptpw = crypt(password, salt); + if (cryptpw == NULL) + errx(EX_CONFIG, "crypt(3) failure"); + return strcpy(buf, cryptpw); } diff --git a/usr.sbin/rpc.yppasswdd/yppasswdd_server.c b/usr.sbin/rpc.yppasswdd/yppasswdd_server.c index 446b130..0260e4c 100644 --- a/usr.sbin/rpc.yppasswdd/yppasswdd_server.c +++ b/usr.sbin/rpc.yppasswdd/yppasswdd_server.c @@ -460,6 +460,7 @@ yppasswdproc_update_1_svc(yppasswd *argp, struct svc_req *rqstp) int passwd_changed = 0; int shell_changed = 0; int gecos_changed = 0; + char *cryptpw; char *oldshell = NULL; char *oldgecos = NULL; char *passfile_hold; 
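Review bot: In the auth_CheckPasswd hunk of usr.sbin/ppp/auth.c, the added `cryptpw = crypt(key, pw->pw_passwd);` runs before `pw = getpwnam(name)` has assigned `pw`, so it dereferences an uninitialized pointer. The new condition `(cryptpw == NULL || !strcmp(cryptpw, pw->pw_passwd))` also evaluates true when crypt(3) fails, so a hashing failure is treated as a successful password check. A NULL return should reject the login, as the yppasswdd_server.c hunk in this same commit does. Look the entry up first and fail closed: `pw = getpwnam(name);` then `cryptpw = pw ? crypt(key, pw->pw_passwd) : NULL;` then `result = cryptpw != NULL && !strcmp(cryptpw, pw->pw_passwd);`. The function body starts and ends outside the hunk.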
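Review bot: In the second pw_pwcrypt hunk of usr.sbin/pw/pw_user.c, the new `return strcpy(buf, cryptpw);` still copies the crypt(3) result into the fixed `static char buf[256]` with no length bound, so the function depends on every configured hash format fitting in 256 bytes. Bounding the copy makes that assumption explicit and turns an oversized result into a clean error: `if (strlcpy(buf, cryptpw, sizeof(buf)) >= sizeof(buf)) errx(EX_CONFIG, "crypt(3) result too long");` followed by `return buf;`. The part of pw_pwcrypt between the two hunks is not visible here.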
@@ -537,8 +538,8 @@ yppasswdproc_update_1_svc(yppasswd *argp, struct svc_req *rqstp) /* Step 2: check that the supplied oldpass is valid. */ - if (strcmp(crypt(argp->oldpass, yp_password.pw_passwd), - yp_password.pw_passwd)) { + cryptpw = crypt(argp->oldpass, yp_password.pw_passwd); + if (cryptpw == NULL || strcmp(cryptpw, yp_password.pw_passwd)) { yp_error("rejected change attempt -- bad password"); yp_error("client address: %s username: %s", inet_ntoa(rqhost->sin_addr), |
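Review bot: The new check in yppasswdproc_update_1_svc fails closed, but a NULL return from crypt(3) is reported through the same `yp_error("rejected change attempt -- bad password")` as a wrong password. The log therefore cannot separate a hashing failure (presumably a stored hash in a format crypt(3) does not accept) from a password-guessing attempt, which matters to anyone triaging these messages. Logging the failure on its own before the combined test keeps the two apart: `if (cryptpw == NULL) yp_error("crypt(3) failed for stored password hash");`. The function continues past the end of the hunk, so the rejection path itself is not visible.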