diff options
author | Guy Harris <guy@alum.mit.edu> | 2018-08-05 19:04:38 -0700 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2019-09-30 00:25:42 -0700 |
commit | 437b273761adedcbd880f714bfa44afeec186a31 (patch) | |
tree | c0a369b7c88acf5b243de43291fe543f18897015 /rpcapd | |
parent | bf4a63bda7e9eb142402693248a347a5705f9740 (diff) | |
download | libpcap-437b273761adedcbd880f714bfa44afeec186a31.tar.gz |
Don't crash if crypt() fails.
It can fail, so make sure it doesn't before comparing its result with
the password.
This addresses Include Security issue F12: [libpcap] Remote Packet
Capture Daemon Null Pointer Dereference Denial of Service.
Diffstat (limited to 'rpcapd')
-rw-r--r-- | rpcapd/daemon.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/rpcapd/daemon.c b/rpcapd/daemon.c index 98163289..c9b44aaf 100644 --- a/rpcapd/daemon.c +++ b/rpcapd/daemon.c @@ -1222,6 +1222,7 @@ daemon_AuthUserPwd(char *username, char *password, char *errbuf) #ifdef HAVE_GETSPNAM struct spwd *usersp; #endif + char *crypt_password; // This call is needed to get the uid if ((user = getpwnam(username)) == NULL) @@ -1252,7 +1253,13 @@ daemon_AuthUserPwd(char *username, char *password, char *errbuf) user_password = user->pw_passwd; #endif - if (strcmp(user_password, (char *) crypt(password, user_password)) != 0) + crypt_password = crypt(password, user_password); + if (crypt_password == NULL) + { + pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed"); + return -1; + } + if (strcmp(user_password, crypt_password) != 0) { pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed: user name or password incorrect"); return -1; |