tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-30 01:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

in pick_salt() avoid dereference of NULL passwords

Browse Source 
Apparently some NIS implementations can leave pw->pw_passwd (or the
shadow equivalent) NULL.

bz#2909; based on patch from Todd Eigenschink
This commit is contained in:
Damien Miller 2018-10-10 14:57:00 +11:00
parent edbb6febcc
commit d1d301a1dd
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
openbsd-compat/xcrypt.c
View File

@ -82,7 +82,8 @@ pick_salt(void)
strlcpy(salt, "xx", sizeof(salt)); strlcpy(salt, "xx", sizeof(salt));
setpwent(); setpwent();
while ((pw = getpwent()) != NULL) { while ((pw = getpwent()) != NULL) {
passwd = shadow_pw(pw); if ((passwd = shadow_pw(pw)) == NULL)
continue;
if (passwd[0] == '$' && (p = strrchr(passwd+1, '$')) != NULL) { if (passwd[0] == '$' && (p = strrchr(passwd+1, '$')) != NULL) {
typelen = p - passwd + 1; typelen = p - passwd + 1;
strlcpy(salt, passwd, MIN(typelen, sizeof(salt))); strlcpy(salt, passwd, MIN(typelen, sizeof(salt)));