Check for crypt() returning NULL. Traditionally, crypt() never

author Todd C. Miller <Todd.Miller@courtesan.com>

Thu, 19 Feb 2015 20:41:16 +0000 (13:41 -0700)

committer Todd C. Miller <Todd.Miller@courtesan.com>

Thu, 19 Feb 2015 20:41:16 +0000 (13:41 -0700)
author Todd C. Miller <Todd.Miller@courtesan.com>
Thu, 19 Feb 2015 20:41:16 +0000 (13:41 -0700)
committer Todd C. Miller <Todd.Miller@courtesan.com>
Thu, 19 Feb 2015 20:41:16 +0000 (13:41 -0700)
diff --git a/auth/passwd.c b/auth/passwd.c

index 0cee8a3035a07204e4f545c64b59077c5f367feb..bea1ac05195bea4c37a0218a002cf4005539c3a4 100644 (file)
--- a/auth/passwd.c
+++ b/auth/passwd.c
@@ -73,14 +73,14 @@ passwd_verify(pw, pass, auth)
      char sav, *epass;
      char *pw_epasswd = auth->data;
      size_t pw_len;
-    int error;
+    int matched = 0;
  
      pw_len = strlen(pw_epasswd);
  
  #ifdef HAVE_GETAUTHUID
      /* Ultrix shadow passwords may use crypt16() */
-    error = strcmp(pw_epasswd, (char *) crypt16(pass, pw_epasswd));
-    if (!error)
+    epass = (char *) crypt16(pass, pw_epasswd);
+    if (epass != NULL && strcmp(pw_epasswd, epass) == 0)
         return AUTH_SUCCESS;
  #endif /* HAVE_GETAUTHUID */
  
@@ -99,12 +99,14 @@ passwd_verify(pw, pass, auth)
       */
      epass = (char *) crypt(pass, pw_epasswd);
      pass[8] = sav;
-    if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)
-       error = strncmp(pw_epasswd, epass, DESLEN);
-    else
-       error = strcmp(pw_epasswd, epass);
+    if (epass != NULL) {
+       if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)
+           matched = !strncmp(pw_epasswd, epass, DESLEN);
+       else
+           matched = !strcmp(pw_epasswd, epass);
+    }
  
-    return error ? AUTH_FAILURE : AUTH_SUCCESS;
+    return matched ? AUTH_SUCCESS : AUTH_FAILURE;
  }
  
  int
diff --git a/auth/secureware.c b/auth/secureware.c

index 57a032f71cb430b11941fb2a0bb7d4ca38a9a0c1..bf9aa772014e3496f74ed1fd0987c4046cebd64d 100644 (file)
--- a/auth/secureware.c
+++ b/auth/secureware.c
@@ -76,27 +76,25 @@ secureware_verify(pw, pass, auth)
      sudo_auth *auth;
  {
      char *pw_epasswd = auth->data;
+    char *epass = NULL;
  #ifdef __alpha
      extern int crypt_type;
  
-#  ifdef HAVE_DISPCRYPT
-    if (strcmp(pw_epasswd, dispcrypt(pass, pw_epasswd, crypt_type)) == 0)
-       return AUTH_SUCCESS;
-#  else
-    if (crypt_type == AUTH_CRYPT_BIGCRYPT) {
-       if (strcmp(pw_epasswd, bigcrypt(pass, pw_epasswd)) == 0)
-           return AUTH_SUCCESS;
-    } else if (crypt_type == AUTH_CRYPT_CRYPT16) {
-       if (strcmp(pw_epasswd, crypt(pass, pw_epasswd)) == 0)
-           return AUTH_SUCCESS;
-    }
-#  endif /* HAVE_DISPCRYPT */
+# ifdef HAVE_DISPCRYPT
+    epass = dispcrypt(pass, pw_epasswd, crypt_type);
+# else
+    if (crypt_type == AUTH_CRYPT_BIGCRYPT)
+       epass = bigcrypt(pass, pw_epasswd);
+    else if (crypt_type == AUTH_CRYPT_CRYPT16)
+       epass = crypt(pass, pw_epasswd);
+# endif /* HAVE_DISPCRYPT */
  #elif defined(HAVE_BIGCRYPT)
-    if (strcmp(pw_epasswd, bigcrypt(pass, pw_epasswd)) == 0)
-       return AUTH_SUCCESS;
+    epass = bigcrypt(pass, pw_epasswd);
  #endif /* __alpha */
  
-       return AUTH_FAILURE;
+    if (epass != NULL && strcmp(pw_epasswd, epass) == 0)
+       return AUTH_SUCCESS;
+    return AUTH_FAILURE;
  }
  
  int
author	Todd C. Miller <Todd.Miller@courtesan.com>
	Thu, 19 Feb 2015 20:41:16 +0000 (13:41 -0700)
committer	Todd C. Miller <Todd.Miller@courtesan.com>
	Thu, 19 Feb 2015 20:41:16 +0000 (13:41 -0700)
auth/passwd.c		patch \| blob \| history
auth/secureware.c		patch \| blob \| history