authorTodd C. Miller <Todd.Miller@courtesan.com>2015-02-19 13:41:16 -0700
committerTodd C. Miller <Todd.Miller@courtesan.com>2015-02-19 13:41:16 -0700
commit8332e9244fea29a89d509b046c3d7102add90388 (patch)
treea9493849a97583e6c6508f3791a4b6bbf87959be
parent3ff5f7af1cfb540b0f6269477e46f783c572b557 (diff)
Check for crypt() returning NULL. Traditionally, crypt() never
returned NULL but newer versions of eglibc have a crypt() that does. Bug #598
-rw-r--r--auth/passwd.c18
-rw-r--r--auth/secureware.c28
2 files changed, 23 insertions, 23 deletions
diff --git a/auth/passwd.c b/auth/passwd.c
index 0cee8a303..bea1ac051 100644
--- a/auth/passwd.c
+++ b/auth/passwd.c
@@ -73,14 +73,14 @@ passwd_verify(pw, pass, auth)
char sav, *epass;
char *pw_epasswd = auth->data;
size_t pw_len;
- int error;
+ int matched = 0;
pw_len = strlen(pw_epasswd);
#ifdef HAVE_GETAUTHUID
/* Ultrix shadow passwords may use crypt16() */
- error = strcmp(pw_epasswd, (char *) crypt16(pass, pw_epasswd));
- if (!error)
+ epass = (char *) crypt16(pass, pw_epasswd);
+ if (epass != NULL && strcmp(pw_epasswd, epass) == 0)
return AUTH_SUCCESS;
#endif /* HAVE_GETAUTHUID */
@@ -99,12 +99,14 @@ passwd_verify(pw, pass, auth)
*/
epass = (char *) crypt(pass, pw_epasswd);
pass[8] = sav;
- if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)
- error = strncmp(pw_epasswd, epass, DESLEN);
- else
- error = strcmp(pw_epasswd, epass);
+ if (epass != NULL) {
+ if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)
+ matched = !strncmp(pw_epasswd, epass, DESLEN);
+ else
+ matched = !strcmp(pw_epasswd, epass);
+ }
- return error ? AUTH_FAILURE : AUTH_SUCCESS;
+ return matched ? AUTH_SUCCESS : AUTH_FAILURE;
}
int
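Review bot: When crypt() returns NULL, the new `if (epass != NULL)` block leaves `matched` at 0, so a hashing failure reaches the caller looking exactly like a wrong password. Failing closed is the right outcome, but an administrator then cannot tell a mistyped password from a stored hash the C library refuses to process; crypt() implementations that return NULL generally also set errno. I would add a comment above the check such as `/* crypt() failed (bad salt or unsupported algorithm): fail closed */` and consider reporting errno on that path. The same applies to the final `epass != NULL` test in secureware_verify() in auth/secureware.c. The body of passwd_verify starts outside this hunk.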
diff --git a/auth/secureware.c b/auth/secureware.c
index 57a032f71..bf9aa7720 100644
--- a/auth/secureware.c
+++ b/auth/secureware.c
@@ -76,27 +76,25 @@ secureware_verify(pw, pass, auth)
sudo_auth *auth;
{
char *pw_epasswd = auth->data;
+ char *epass = NULL;
#ifdef __alpha
extern int crypt_type;
-# ifdef HAVE_DISPCRYPT
- if (strcmp(pw_epasswd, dispcrypt(pass, pw_epasswd, crypt_type)) == 0)
- return AUTH_SUCCESS;
-# else
- if (crypt_type == AUTH_CRYPT_BIGCRYPT) {
- if (strcmp(pw_epasswd, bigcrypt(pass, pw_epasswd)) == 0)
- return AUTH_SUCCESS;
- } else if (crypt_type == AUTH_CRYPT_CRYPT16) {
- if (strcmp(pw_epasswd, crypt(pass, pw_epasswd)) == 0)
- return AUTH_SUCCESS;
- }
-# endif /* HAVE_DISPCRYPT */
+# ifdef HAVE_DISPCRYPT
+ epass = dispcrypt(pass, pw_epasswd, crypt_type);
+# else
+ if (crypt_type == AUTH_CRYPT_BIGCRYPT)
+ epass = bigcrypt(pass, pw_epasswd);
+ else if (crypt_type == AUTH_CRYPT_CRYPT16)
+ epass = crypt(pass, pw_epasswd);
+# endif /* HAVE_DISPCRYPT */
#elif defined(HAVE_BIGCRYPT)
- if (strcmp(pw_epasswd, bigcrypt(pass, pw_epasswd)) == 0)
- return AUTH_SUCCESS;
+ epass = bigcrypt(pass, pw_epasswd);
#endif /* __alpha */
- return AUTH_FAILURE;
+ if (epass != NULL && strcmp(pw_epasswd, epass) == 0)
+ return AUTH_SUCCESS;
+ return AUTH_FAILURE;
}
int
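Review bot: The `AUTH_CRYPT_CRYPT16` branch assigns `epass = crypt(pass, pw_epasswd)` rather than calling a crypt16 variant. This is carried over unchanged from the removed lines, but it reads like a possible mismatch between the crypt type and the routine used to verify it. Whether crypt() is correct for that type on this platform cannot be confirmed from the hunk, so a one-line comment on that branch stating why crypt() is used would keep the next reader from "fixing" it or missing a real bug. The refactor itself looks sound: any unrecognised `crypt_type` now leaves `epass` NULL and falls through to `AUTH_FAILURE`.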