37 lines
947 B
Diff
37 lines
947 B
Diff
https://github.com/OpenSMTPD/OpenSMTPD/pull/835
|
|
|
|
avoid null pointer deref if crypt(3) fails and returns null
|
|
|
|
include "includes.h" so HAVE_CRYPT_H is defined and crypt.h gets included
|
|
|
|
--- openbsd-compat/crypt_checkpass.c
|
|
+++ openbsd-compat/crypt_checkpass.c
|
|
@@ -1,5 +1,6 @@
|
|
/* OPENBSD ORIGINAL: lib/libc/crypt/cryptutil.c */
|
|
|
|
+#include "includes.h"
|
|
#include <errno.h>
|
|
#ifdef HAVE_CRYPT_H
|
|
#include <crypt.h>
|
|
@@ -10,6 +11,8 @@
|
|
int
|
|
crypt_checkpass(const char *pass, const char *goodhash)
|
|
{
|
|
+ char *c;
|
|
+
|
|
if (goodhash == NULL)
|
|
goto fail;
|
|
|
|
@@ -17,7 +20,11 @@ crypt_checkpass(const char *pass, const char *goodhash)
|
|
if (strlen(goodhash) == 0 && strlen(pass) == 0)
|
|
return 0;
|
|
|
|
- if (strcmp(crypt(pass, goodhash), goodhash) == 0)
|
|
+ c = crypt(pass, goodhash);
|
|
+ if (c == NULL)
|
|
+ goto fail;
|
|
+
|
|
+ if (strcmp(c, goodhash) == 0)
|
|
return 0;
|
|
|
|
fail:
|