Commit 7777194d authored by Michael Pyne's avatar Michael Pyne
Browse files

kdm, kcheckpass: Check for NULL return from crypt(3) and friends.

Potential issue noted and fixed by Mancha <mancha1@hush.com>.

Patch reviewed by myself and ossi. Review request was closed out by the
backport commit.
parent 28e6799d
......@@ -35,6 +35,7 @@ AuthReturn Authenticate(const char *method,
{
struct passwd *pw;
char *passwd;
char *crpt_passwd;
if (strcmp(method, "classic"))
return AuthError;
......@@ -49,7 +50,7 @@ AuthReturn Authenticate(const char *method,
if (!(passwd = conv(ConvGetHidden, 0)))
return AuthAbort;
if (!strcmp(pw->pw_passwd, crypt(passwd, pw->pw_passwd))) {
if ((crpt_passwd = crypt(passwd, pw->pw_passwd)) && !strcmp(pw->pw_passwd, crpt_passwd)) {
dispose(passwd);
return AuthOk; /* Success */
}
......
......@@ -38,6 +38,7 @@ AuthReturn Authenticate(const char *method,
const char *login, char *(*conv) (ConvRequest, const char *))
{
char *passwd;
char *crpt_passwd;
char c2passwd[256];
if (strcmp(method, "classic"))
......@@ -52,7 +53,7 @@ AuthReturn Authenticate(const char *method,
if (!(passwd = conv(ConvGetHidden, 0)))
return AuthAbort;
if (!strcmp(c2passwd, osf1c2crypt(passwd, c2passwd))) {
if ((crpt_passwd = osf1c2crypt(passwd, c2passwd)) && !strcmp(c2passwd, crpt_passwd)) {
dispose(passwd);
return AuthOk; /* Success */
}
......
......@@ -69,7 +69,7 @@ AuthReturn Authenticate(const char *method,
crpt_passwd = crypt(typed_in_password, password);
#endif
if (!strcmp(password, crpt_passwd )) {
if (crpt_passwd && !strcmp(password, crpt_passwd )) {
dispose(typed_in_password);
return AuthOk; /* Success */
}
......
......@@ -540,6 +540,9 @@ verify(GConvFunc gconv, int rootok)
# if defined(HAVE_STRUCT_PASSWD_PW_EXPIRE) || defined(USESHADOW)
int tim, expir, warntime, quietlog;
# endif
# if !defined(ultrix) && !defined(__ultrix__) && (defined(HAVE_PW_ENCRYPT) || defined(HAVE_CRYPT))
char *crpt_passwd;
# endif
#endif
debug("verify ...\n");
......@@ -752,9 +755,9 @@ verify(GConvFunc gconv, int rootok)
# if defined(ultrix) || defined(__ultrix__)
if (authenticate_user(p, curpass, 0) < 0)
# elif defined(HAVE_PW_ENCRYPT)
if (strcmp(pw_encrypt(curpass, p->pw_passwd), p->pw_passwd))
if (!(crpt_passwd = pw_encrypt(curpass, p->pw_passwd)) || strcmp(crpt_passwd, p->pw_passwd))
# elif defined(HAVE_CRYPT)
if (strcmp(crypt(curpass, p->pw_passwd), p->pw_passwd))
if (!(crpt_passwd = crypt(curpass, p->pw_passwd)) || strcmp(crpt_passwd, p->pw_passwd))
# else
if (strcmp(curpass, p->pw_passwd))
# endif
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment