diff options
author | jorton <jorton@13f79535-47bb-0310-9956-ffa450edef68> | 2012-06-06 13:06:02 +0000 |
---|---|---|
committer | jorton <jorton@13f79535-47bb-0310-9956-ffa450edef68> | 2012-06-06 13:06:02 +0000 |
commit | dbdf97f8970c944afdd87e8ebcf2deb0eb854502 (patch) | |
tree | 646b7b4135ea40202798e432aa2425d2c548c6af | |
parent | e1f248152666f0ce32b133a7f236b5f3b637fb57 (diff) | |
download | libapr-util-dbdf97f8970c944afdd87e8ebcf2deb0eb854502.tar.gz |
Merge r779396 from trunk:
* Failing crypt can cause a segfault. Check for result of crypt to avoid this.
PR: 47272
Submitted by: Arkadiusz Miskiewicz <arekm pld-linux.org>
Reviewed by: rpluem (trunk commit)
git-svn-id: http://svn.apache.org/repos/asf/apr/apr-util/branches/1.5.x@1346872 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | crypto/apr_md5.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/crypto/apr_md5.c b/crypto/apr_md5.c index 691cc878..0894e3ec 100644 --- a/crypto/apr_md5.c +++ b/crypto/apr_md5.c @@ -721,6 +721,9 @@ APU_DECLARE(apr_status_t) apr_password_validate(const char *passwd, CRYPTD buffer; crypt_pw = crypt_r(passwd, hash, &buffer); + if (!crypt_pw) { + return APR_EMISMATCH; + } apr_cpystrn(sample, crypt_pw, sizeof(sample) - 1); #elif defined(CRYPT_R_STRUCT_CRYPT_DATA) struct crypt_data buffer; @@ -732,6 +735,9 @@ APU_DECLARE(apr_status_t) apr_password_validate(const char *passwd, */ memset(&buffer, 0, sizeof(buffer)); crypt_pw = crypt_r(passwd, hash, &buffer); + if (!crypt_pw) { + return APR_EMISMATCH; + } apr_cpystrn(sample, crypt_pw, sizeof(sample) - 1); #else /* Do a bit of sanity checking since we know that crypt_r() @@ -748,6 +754,10 @@ APU_DECLARE(apr_status_t) apr_password_validate(const char *passwd, */ crypt_mutex_lock(); crypt_pw = crypt(passwd, hash); + if (!crypt_pw) { + crypt_mutex_unlock(); + return APR_EMISMATCH; + } apr_cpystrn(sample, crypt_pw, sizeof(sample) - 1); crypt_mutex_unlock(); #endif |