From cbaa666d4f21988164068a38ac915f8b4f3c4da3 Mon Sep 17 00:00:00 2001
From: Sadrul Habib Chowdhury <sadrul@users.sourceforge.net>
Date: Sat, 15 Sep 2012 03:40:23 +0000
Subject: Guard against NULL returns from crypt().
crypt() can return NULL on an error. Make sure these nulls are
handled properly instead of crashing. The fix is thanks to a patch
from Lukás Nykrýn <lnykryn@redhat.com>.
---
diff --git a/src/acls.c b/src/acls.c
index e728bb8..2f8c809 100644
--- a/src/acls.c
+++ b/src/acls.c
@@ -455,6 +455,16 @@ int recursive;
return gp; /* *gp is NULL */
}
+static int
+PasswordMatches(pw, password)
+const char *pw, *password;
+{
+ if (!*password)
+ return 0;
+ char *buf = crypt(pw, password);
+ return (buf && !strcmp(buf, password));
+}
+
/*
* Returns nonzero if failed or already linked.
* Both users are created on demand.
@@ -544,8 +554,7 @@ char *name, *pw1, *pw2;
if (pw2 && *pw2 && *pw2 != '\377') /* provided a system password */
{
- if (!*pass || /* but needed none */
- strcmp(crypt(pw2, pass), pass))
+ if (!PasswordMatches(pw2, pass))
{
debug("System password mismatch\n");
sorry++;
@@ -554,11 +563,10 @@ char *name, *pw1, *pw2;
else /* no pasword provided */
if (*pass) /* but need one */
sorry++;
-#endif
+#endif /* CHECKLOGIN */
if (pw1 && *pw1 && *pw1 != '\377') /* provided a screen password */
{
- if (!*u->u_password || /* but needed none */
- strcmp(crypt(pw1, u->u_password), u->u_password))
+ if (!PasswordMatches(pw1, u->u_password))
{
debug("screen password mismatch\n");
sorry++;
diff --git a/src/attacher.c b/src/attacher.c
index 370d594..4e496be 100644
--- a/src/attacher.c
+++ b/src/attacher.c
@@ -882,6 +882,12 @@ screen_builtin_lck()
salt[1] = 'A' + (int)((time(0) >> 6) % 26);
salt[2] = 0;
pass = crypt(mypass, salt);
+ if (!pass)
+ {
+ fprintf(stderr, "crypt() error.\007\n");
+ sleep(2);
+ return;
+ }
pass = ppp->pw_passwd = SaveStr(pass);
}
#endif
@@ -924,7 +930,8 @@ screen_builtin_lck()
if (pam_error == PAM_SUCCESS)
break;
#else
- if (!strncmp(crypt(cp1, pass), pass, strlen(pass)))
+ char *buf = crypt(cp1, pass);
+ if (buf && !strncmp(buf, pass, strlen(pass)))
break;
#endif
debug("screen_builtin_lck: NO!!!!!\n");
diff --git a/src/process.c b/src/process.c
index bdf9355..30497a3 100644
--- a/src/process.c
+++ b/src/process.c
@@ -6360,6 +6360,12 @@ char *data;
buf = crypt(u->u_password, salt);
bzero(u->u_password, strlen(u->u_password));
free((char *)u->u_password);
+ if (!buf)
+ {
+ Msg(0, "[ crypt() error - no secure ]");
+ u->u_password = NullStr;
+ return;
+ }
u->u_password = SaveStr(buf);
bzero(buf, strlen(buf));
#ifdef COPY_PASTE
diff --git a/src/socket.c b/src/socket.c
index 8f9a315..a7755a4 100644
--- a/src/socket.c
+++ b/src/socket.c
@@ -1565,13 +1565,18 @@ int ilen;
c = *(unsigned char *)ibuf++;
if (c == '\r' || c == '\n')
{
+ char *buf = NULL;
up = D_user->u_password;
pwdata->buf[l] = 0;
- if (strncmp(crypt(pwdata->buf, up), up, strlen(up)))
+ buf = crypt(pwdata->buf, up);
+ if (!buf || strncmp(buf, up, strlen(up)))
{
/* uh oh, user failed */
bzero(pwdata->buf, sizeof(pwdata->buf));
- AddStr("\r\nPassword incorrect.\r\n");
+ if (!buf)
+ AddStr("\r\ncrypt() failed.\r\n");
+ else
+ AddStr("\r\nPassword incorrect.\r\n");
D_processinputdata = 0; /* otherwise freed by FreeDis */
FreeDisplay();
Msg(0, "Illegal reattach attempt from terminal %s.", pwdata->m.m_tty);
--
cgit v0.9.0.2
