diff options
author | Guy Harris <guy@alum.mit.edu> | 2018-08-05 19:04:38 -0700 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2019-10-02 13:22:10 -0700 |
commit | 7241300e3df8038eeafb453edddccbb10c27fe0a (patch) | |
tree | c6fc8140dbf278c6228ad40600ef8862ec88d668 /rpcapd | |
parent | 5013ea4beb87a8c0e5163d8bf741480e9368a942 (diff) | |
download | libpcap-7241300e3df8038eeafb453edddccbb10c27fe0a.tar.gz |
Don't crash if crypt() fails.
It can fail, so make sure it doesn't before comparing its result with
the password.
This addresses Include Security issue F12: [libpcap] Remote Packet
Capture Daemon Null Pointer Dereference Denial of Service.
Diffstat (limited to 'rpcapd')
-rw-r--r-- | rpcapd/daemon.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/rpcapd/daemon.c b/rpcapd/daemon.c index 42cb2181..55e3fa30 100644 --- a/rpcapd/daemon.c +++ b/rpcapd/daemon.c @@ -1458,6 +1458,7 @@ daemon_AuthUserPwd(char *username, char *password, char *errbuf) #ifdef HAVE_GETSPNAM struct spwd *usersp; #endif + char *crypt_password; // This call is needed to get the uid if ((user = getpwnam(username)) == NULL) @@ -1488,7 +1489,13 @@ daemon_AuthUserPwd(char *username, char *password, char *errbuf) user_password = user->pw_passwd; #endif - if (strcmp(user_password, (char *) crypt(password, user_password)) != 0) + crypt_password = crypt(password, user_password); + if (crypt_password == NULL) + { + snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed"); + return -1; + } + if (strcmp(user_password, crypt_password) != 0) { snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed: user name or password incorrect"); return -1; |