Don't crash if crypt() fails.

It can fail, so make sure it doesn't before comparing its result with the password. This addresses Include Security issue F12: [libpcap] Remote Packet Capture Daemon Null Pointer Dereference Denial of Service.
author: Guy Harris <guy@alum.mit.edu> 2018-08-05 19:04:38 -0700
committer: Guy Harris <guy@alum.mit.edu> 2019-10-02 13:22:10 -0700
commit: 7241300e3df8038eeafb453edddccbb10c27fe0a (patch)
tree: c6fc8140dbf278c6228ad40600ef8862ec88d668 /rpcapd
parent: 5013ea4beb87a8c0e5163d8bf741480e9368a942 (diff)
download: libpcap-7241300e3df8038eeafb453edddccbb10c27fe0a.tar.gz
1 files changed, 8 insertions, 1 deletions
diff --git a/rpcapd/daemon.c b/rpcapd/daemon.c
index 42cb2181..55e3fa30 100644
--- a/rpcapd/daemon.c
+++ b/rpcapd/daemon.c
@@ -1458,6 +1458,7 @@ daemon_AuthUserPwd(char *username, char *password, char *errbuf)
 #ifdef HAVE_GETSPNAM
 	struct spwd *usersp;
 #endif
+	char *crypt_password;
 
 	// This call is needed to get the uid
 	if ((user = getpwnam(username)) == NULL)
@@ -1488,7 +1489,13 @@ daemon_AuthUserPwd(char *username, char *password, char *errbuf)
 	user_password = user->pw_passwd;
 #endif
 
-	if (strcmp(user_password, (char *) crypt(password, user_password)) != 0)
+	crypt_password = crypt(password, user_password);
+	if (crypt_password == NULL)
+	{
+		snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
+		return -1;
+	}
+	if (strcmp(user_password, crypt_password) != 0)
 	{
 		snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed: user name or password incorrect");
 		return -1;
author	Guy Harris <guy@alum.mit.edu>	2018-08-05 19:04:38 -0700
committer	Guy Harris <guy@alum.mit.edu>	2019-10-02 13:22:10 -0700
commit	7241300e3df8038eeafb453edddccbb10c27fe0a (patch)
tree	c6fc8140dbf278c6228ad40600ef8862ec88d668 /rpcapd
parent	5013ea4beb87a8c0e5163d8bf741480e9368a942 (diff)
download	libpcap-7241300e3df8038eeafb453edddccbb10c27fe0a.tar.gz