- (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash would

occur if the server did not have the privsep user and an invalid user tried to login and both privsep and krb5 auth are disabled.
2006-12-05 09:08:54 +11:00 · 2006-12-05 09:08:54 +11:00 · 143c2ef1ce
parent b0781f79db
commit 143c2ef1ce
2 changed files with 8 additions and 3 deletions
--- a/7
+++ b/7
@ -1,3 +1,8 @@
+20061205
+ - (djm) [auth.c] Fix NULL pointer dereference in fakepw().  Crash would
+   occur if the server did not have the privsep user and an invalid user
+   tried to login and both privsep and krb5 auth are disabled; ok dtucker@
+
 20061108
 - (dtucker) OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2006/11/07 13:02:07
@ -2611,4 +2616,4 @@
   OpenServer 6 and add osr5bigcrypt support so when someone migrates
   passwords between UnixWare and OpenServer they will still work. OK dtucker@

-$Id: ChangeLog,v 1.4589 2006/11/07 23:01:36 dtucker Exp $
+$Id: ChangeLog,v 1.4590 2006/12/04 22:08:54 djm Exp $
--- a/auth.c
+++ b/auth.c
@ -569,8 +569,8 @@ fakepw(void)
 	fake.pw_passwd =
 	    "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK";
 	fake.pw_gecos = "NOUSER";
-	fake.pw_uid = privsep_pw->pw_uid;
-	fake.pw_gid = privsep_pw->pw_gid;
+	fake.pw_uid = privsep_pw == NULL ? (uid_t)-1 : privsep_pw->pw_uid;
+	fake.pw_gid = privsep_pw == NULL ? (gid_t)-1 : privsep_pw->pw_gid;
 #ifdef HAVE_PW_CLASS_IN_PASSWD
 	fake.pw_class = "";
 #endif