Check for crypt() returning NULL. Traditionally, crypt() never returned

NULL but newer versions of eglibc have a crypt() that does.  Bug #598

diff --git a/plugins/sudoers/auth/passwd.c b/plugins/sudoers/auth/passwd.c
index 2cc16c370c4f3dea02aacdd2b667d98f121e0750..efb44e335f1b0749a5ba3a4e26a905ed721a4218 100644 (file)
--- a/plugins/sudoers/auth/passwd.c
+++ b/plugins/sudoers/auth/passwd.c
@@ -68,15 +68,15 @@ sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth)
     char sav, *epass;
     char *pw_epasswd = auth->data;
     size_t pw_len;
-    int error;
+    int matched = 0;
     debug_decl(sudo_passwd_verify, SUDO_DEBUG_AUTH)
 
     pw_len = strlen(pw_epasswd);
 
 #ifdef HAVE_GETAUTHUID
     /* Ultrix shadow passwords may use crypt16() */
-    error = strcmp(pw_epasswd, (char *) crypt16(pass, pw_epasswd));
-    if (!error)
+    epass = (char *) crypt16(pass, pw_epasswd);
+    if (epass != NULL && strcmp(pw_epasswd, epass) == 0)
        debug_return_int(AUTH_SUCCESS);
 #endif /* HAVE_GETAUTHUID */
 
@@ -95,12 +95,14 @@ sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth)
      */
     epass = (char *) crypt(pass, pw_epasswd);
     pass[8] = sav;
-    if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)
-       error = strncmp(pw_epasswd, epass, DESLEN);
-    else
-       error = strcmp(pw_epasswd, epass);
+    if (epass != NULL) {
+       if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)
+           matched = !strncmp(pw_epasswd, epass, DESLEN);
+       else
+           matched = !strcmp(pw_epasswd, epass);
+    }
 
-    debug_return_int(error ? AUTH_FAILURE : AUTH_SUCCESS);
+    debug_return_int(matched ? AUTH_SUCCESS : AUTH_FAILURE);
 }
 
 int

diff --git a/plugins/sudoers/auth/secureware.c b/plugins/sudoers/auth/secureware.c
index 70a9c7b33779f2b1283c910be102c495738c6fb5..bc024df4c7d1b89a74aa8545b9299b4656649c1d 100644 (file)
--- a/plugins/sudoers/auth/secureware.c
+++ b/plugins/sudoers/auth/secureware.c
@@ -73,30 +73,28 @@ int
 sudo_secureware_verify(struct passwd *pw, char *pass, sudo_auth *auth)
 {
     char *pw_epasswd = auth->data;
+    char *epass = NULL;
     debug_decl(sudo_secureware_verify, SUDO_DEBUG_AUTH)
 #ifdef __alpha
     {
        extern int crypt_type;
 
-#  ifdef HAVE_DISPCRYPT
-       if (strcmp(pw_epasswd, dispcrypt(pass, pw_epasswd, crypt_type)) == 0)
-           debug_return_int(AUTH_SUCCESS);
-#  else
-       if (crypt_type == AUTH_CRYPT_BIGCRYPT) {
-           if (strcmp(pw_epasswd, bigcrypt(pass, pw_epasswd)) == 0)
-               debug_return_int(AUTH_SUCCESS);
-       } else if (crypt_type == AUTH_CRYPT_CRYPT16) {
-           if (strcmp(pw_epasswd, crypt(pass, pw_epasswd)) == 0)
-               debug_return_int(AUTH_SUCCESS);
-       }
+# ifdef HAVE_DISPCRYPT
+       epass = dispcrypt(pass, pw_epasswd, crypt_type);
+# else
+       if (crypt_type == AUTH_CRYPT_BIGCRYPT)
+           epass = bigcrypt(pass, pw_epasswd);
+       else if (crypt_type == AUTH_CRYPT_CRYPT16)
+           epass = crypt(pass, pw_epasswd);
     }
-#  endif /* HAVE_DISPCRYPT */
+# endif /* HAVE_DISPCRYPT */
 #elif defined(HAVE_BIGCRYPT)
-    if (strcmp(pw_epasswd, bigcrypt(pass, pw_epasswd)) == 0)
-       debug_return_int(AUTH_SUCCESS);
+    epass = bigcrypt(pass, pw_epasswd);
 #endif /* __alpha */
 
-       debug_return_int(AUTH_FAILURE);
+    if (epass != NULL && strcmp(pw_epasswd, epass) == 0)
+       debug_return_int(AUTH_SUCCESS);
+    debug_return_int(AUTH_FAILURE);
 }
 
 int