authorGuy Harris <guy@alum.mit.edu>2018-08-05 19:04:38 -0700
committerGuy Harris <guy@alum.mit.edu>2019-09-30 00:25:42 -0700
commit437b273761adedcbd880f714bfa44afeec186a31 (patch)
treec0a369b7c88acf5b243de43291fe543f18897015 /rpcapd
parentbf4a63bda7e9eb142402693248a347a5705f9740 (diff)
Don't crash if crypt() fails.
It can fail, so make sure it doesn't before comparing its result with the password. This addresses Include Security issue F12: [libpcap] Remote Packet Capture Daemon Null Pointer Dereference Denial of Service.
Diffstat (limited to 'rpcapd')
-rw-r--r--rpcapd/daemon.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/rpcapd/daemon.c b/rpcapd/daemon.c
index 98163289..c9b44aaf 100644
--- a/rpcapd/daemon.c
+++ b/rpcapd/daemon.c
@@ -1222,6 +1222,7 @@ daemon_AuthUserPwd(char *username, char *password, char *errbuf)
#ifdef HAVE_GETSPNAM
struct spwd *usersp;
#endif
+ char *crypt_password;
// This call is needed to get the uid
if ((user = getpwnam(username)) == NULL)
@@ -1252,7 +1253,13 @@ daemon_AuthUserPwd(char *username, char *password, char *errbuf)
user_password = user->pw_passwd;
#endif
- if (strcmp(user_password, (char *) crypt(password, user_password)) != 0)
+ crypt_password = crypt(password, user_password);
+ if (crypt_password == NULL)
+ {
+ pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
+ return -1;
+ }
+ if (strcmp(user_password, crypt_password) != 0)
{
pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed: user name or password incorrect");
return -1;
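Review bot: The new `crypt_password == NULL` branch writes a different string to errbuf (`"Authentication failed"`) than the mismatch branch just below it, and nothing records why crypt() failed. If errbuf is sent back to the connecting client, which these lines do not show, the two texts let a remote peer tell an account whose stored hash crypt() rejects apart from a plain wrong password. I would give both branches the same client-facing text and capture the cause for the operator instead: set `errno = 0;` before the call, save it right after, and report it through the daemon's server-side log rather than errbuf. daemon_AuthUserPwd starts and ends outside this hunk, so how errbuf is consumed needs confirming against the caller.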