From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Sun, 9 Dec 2001 05:17:00 +0000 (+0000)
Subject: Be carefule now that tgetpass() can return NULL (user hit ^C).
X-Git-Tag: SUDO_1_6_4~146
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=88951a3b9d49d3c61c390d4cff2f997830429058;p=sudo

Be carefule now that tgetpass() can return NULL (user hit ^C).
PAM version needs testing.
Set SIGTSTP to SIG_DFL during password entry so user can suspend us.
---

diff --git a/auth/aix_auth.c b/auth/aix_auth.c
index 39afbf58d..dcd7b9bf8 100644
--- a/auth/aix_auth.c
+++ b/auth/aix_auth.c
@@ -68,7 +68,7 @@ aixauth_verify(pw, prompt, auth)
     int reenter = 1;
 
     pass = tgetpass(prompt, def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags);
-    if (authenticate(pw->pw_name, pass, &reenter, &message) == 0)
+    if (pass && authenticate(pw->pw_name, pass, &reenter, &message) == 0)
 	return(AUTH_SUCCESS);
     else
 	return(AUTH_FAILURE);
diff --git a/auth/bsdauth.c b/auth/bsdauth.c
index cfd3f9da6..ff454b7d4 100644
--- a/auth/bsdauth.c
+++ b/auth/bsdauth.c
@@ -125,7 +125,7 @@ bsdauth_verify(pw, prompt, auth)
 	pass = tgetpass(prompt, def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags);
     } else {
 	pass = tgetpass(s, def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags);
-	if (!pass || *pass == '\0') {
+	if (pass && *pass == '\0') {
 	    if ((prompt = strrchr(s, '\n')))
 		prompt++;
 	    else
@@ -145,10 +145,10 @@ bsdauth_verify(pw, prompt, auth)
 	}
     }
 
-    if (!pass || *pass == '\0')
-	nil_pw = 1;			/* empty password */
+    if (!pass || *pass == '\0')		/* ^C or empty password */
+	nil_pw = 1;
 
-    authok = auth_userresponse(as, pass, 1);
+    authok = pass ? auth_userresponse(as, pass, 1) : 0;
 
     /* restore old signal handler */
     (void)signal(SIGCHLD, childkiller);
diff --git a/auth/fwtk.c b/auth/fwtk.c
index 8d395dd8b..047bf5c8d 100644
--- a/auth/fwtk.c
+++ b/auth/fwtk.c
@@ -119,7 +119,7 @@ fwtk_verify(pw, prompt, auth)
     if (strncmp(resp, "challenge ", 10) == 0) {
 	(void) snprintf(buf, sizeof(buf), "%s\nResponse: ", &resp[10]);
 	pass = tgetpass(buf, def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags);
-	if (!pass || *pass == '\0') {
+	if (pass && *pass == '\0') {
 	    pass = tgetpass("Response [echo on]: ",
 		def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags | TGP_ECHO);
 	}
@@ -130,8 +130,11 @@ fwtk_verify(pw, prompt, auth)
 	(void) fprintf(stderr, "%s: %s\n", Argv[0], resp);
 	return(AUTH_FATAL);
     }
-    if (!pass || *pass == '\0')
-	nil_pw = 1;			/* empty password */
+    if (!pass) {			/* ^C or error */
+	nil_pw = 1;
+	return(AUTH_FAILURE);
+    } else if (*pass == '\0')		/* empty password */
+	nil_pw = 1;
 
     /* Send the user's response to the server */
     (void) snprintf(buf, sizeof(buf), "response '%s'", pass);
diff --git a/auth/pam.c b/auth/pam.c
index 98cfa3d62..df83367a1 100644
--- a/auth/pam.c
+++ b/auth/pam.c
@@ -156,7 +156,8 @@ sudo_conv(num_msg, msg, response, appdata_ptr)
 		/* Read the password. */
 		pr->resp = estrdup((char *) tgetpass(p,
 		    def_ival(I_PASSWD_TIMEOUT) * 60, tgetpass_flags));
-		if (*pr->resp == '\0')
+		/* XXX - is a NULL resp OK? */
+		if (pr->resp == NULL || *pr->resp == '\0')
 		    nil_pw = 1;		/* empty password */
 		break;
 	    case PAM_TEXT_INFO:
diff --git a/auth/sudo_auth.c b/auth/sudo_auth.c
index 06ca9c9be..f6b6f59fa 100644
--- a/auth/sudo_auth.c
+++ b/auth/sudo_auth.c
@@ -34,6 +34,9 @@
 
 #include "config.h"
 
+#include <sys/param.h>
+#include <sys/types.h>
+
 #include <stdio.h>
 #ifdef STDC_HEADERS
 #include <stdlib.h>
@@ -47,10 +50,9 @@
 #ifdef HAVE_STRINGS_H
 #include <strings.h>
 #endif /* HAVE_STRINGS_H */
-#include <sys/param.h>
-#include <sys/types.h>
 #include <pwd.h>
 #include <time.h>
+#include <signal.h>
 
 #include "sudo.h"
 #include "sudo_auth.h"
@@ -105,6 +107,13 @@ verify_user(pw, prompt)
     int flags;
     char *p;
     sudo_auth *auth;
+    sigaction_t sa, osa;
+
+    /* Enable suspend during password entry. */
+    sigemptyset(&sa.sa_mask);
+    sa.sa_flags = SA_RESTART;
+    sa.sa_handler = SIG_DFL;
+    (void) sigaction(SIGTSTP, &sa, &osa);
 
     /* Make sure we have at least one auth method. */
     if (auth_switch[0].name == NULL)
@@ -164,7 +173,7 @@ verify_user(pw, prompt)
 #endif /* AUTH_STANDALONE */
 
 	/* Call authentication functions. */
-	for (auth = auth_switch; auth->name; auth++) {
+	for (auth = auth_switch; p && auth->name; auth++) {
 	    if (!IS_CONFIGURED(auth))
 		continue;
 
@@ -180,7 +189,8 @@ verify_user(pw, prompt)
 		goto cleanup;
 	}
 #ifndef AUTH_STANDALONE
-	(void) memset(p, 0, strlen(p));
+	if (p)
+	    (void) memset(p, 0, strlen(p));
 #endif
 
 	/* Exit loop on nil password, but give it a chance to match first. */
@@ -212,6 +222,7 @@ cleanup:
 
     switch (success) {
 	case AUTH_SUCCESS:
+	    (void) sigaction(SIGTSTP, &osa, NULL);
 	    return;
 	case AUTH_FAILURE:
 	    if (def_flag(I_MAIL_BADPASS) || def_flag(I_MAIL_ALWAYS))
@@ -224,6 +235,7 @@ cleanup:
 	case AUTH_FATAL:
 	    exit(1);
     }
+    /* NOTREACHED */
 }
 
 void