Fix coredump if crypt returns NULL.
* libmailutils/auth/system.c: Check return from crypt before passing it to strcmp. * libmu_auth/sql.c: Likewise.
Showing
2 changed files
with
14 additions
and
5 deletions
| ... | @@ -100,12 +100,14 @@ mu_authenticate_generic (struct mu_auth_data **return_data MU_ARG_UNUSED, | ... | @@ -100,12 +100,14 @@ mu_authenticate_generic (struct mu_auth_data **return_data MU_ARG_UNUSED, |
| 100 | { | 100 | { |
| 101 | const struct mu_auth_data *auth_data = key; | 101 | const struct mu_auth_data *auth_data = key; |
| 102 | char *pass = call_data; | 102 | char *pass = call_data; |
| 103 | char *crypt_pass; | ||
| 103 | 104 | ||
| 104 | if (!auth_data || !pass) | 105 | if (!auth_data || !pass) |
| 105 | return EINVAL; | 106 | return EINVAL; |
| 106 | 107 | ||
| 107 | return auth_data->passwd | 108 | return auth_data->passwd && |
| 108 | && strcmp (auth_data->passwd, crypt (pass, auth_data->passwd)) == 0 ? | 109 | (crypt_pass = crypt (pass, auth_data->passwd)) != NULL && |
| 110 | strcmp (auth_data->passwd, crypt_pass) == 0 ? | ||
| 109 | 0 : MU_ERR_AUTH_FAILURE; | 111 | 0 : MU_ERR_AUTH_FAILURE; |
| 110 | } | 112 | } |
| 111 | 113 | ||
| ... | @@ -124,9 +126,12 @@ mu_authenticate_system (struct mu_auth_data **return_data MU_ARG_UNUSED, | ... | @@ -124,9 +126,12 @@ mu_authenticate_system (struct mu_auth_data **return_data MU_ARG_UNUSED, |
| 124 | if (auth_data) | 126 | if (auth_data) |
| 125 | { | 127 | { |
| 126 | struct spwd *spw; | 128 | struct spwd *spw; |
| 129 | char *crypt_pass; | ||
| 130 | |||
| 127 | spw = getspnam (auth_data->name); | 131 | spw = getspnam (auth_data->name); |
| 128 | if (spw) | 132 | if (spw) |
| 129 | return strcmp (spw->sp_pwdp, crypt (pass, spw->sp_pwdp)) == 0 ? | 133 | return (crypt_pass = crypt (pass, spw->sp_pwdp)) != NULL && |
| 134 | strcmp (spw->sp_pwdp, crypt_pass) == 0 ? | ||
| 130 | 0 : MU_ERR_AUTH_FAILURE; | 135 | 0 : MU_ERR_AUTH_FAILURE; |
| 131 | } | 136 | } |
| 132 | #endif | 137 | #endif | ... | ... |
| ... | @@ -627,7 +627,7 @@ mu_sql_authenticate (struct mu_auth_data **return_data MU_ARG_UNUSED, | ... | @@ -627,7 +627,7 @@ mu_sql_authenticate (struct mu_auth_data **return_data MU_ARG_UNUSED, |
| 627 | { | 627 | { |
| 628 | const struct mu_auth_data *auth_data = key; | 628 | const struct mu_auth_data *auth_data = key; |
| 629 | char *pass = call_data; | 629 | char *pass = call_data; |
| 630 | char *sql_pass; | 630 | char *sql_pass, *crypt_pass; |
| 631 | int rc; | 631 | int rc; |
| 632 | 632 | ||
| 633 | if (!auth_data) | 633 | if (!auth_data) |
| ... | @@ -639,7 +639,11 @@ mu_sql_authenticate (struct mu_auth_data **return_data MU_ARG_UNUSED, | ... | @@ -639,7 +639,11 @@ mu_sql_authenticate (struct mu_auth_data **return_data MU_ARG_UNUSED, |
| 639 | switch (mu_sql_module_config.password_type) | 639 | switch (mu_sql_module_config.password_type) |
| 640 | { | 640 | { |
| 641 | case password_hash: | 641 | case password_hash: |
| 642 | rc = strcmp (sql_pass, crypt (pass, sql_pass)); | 642 | crypt_pass = crypt (pass, sql_pass); |
| 643 | if (!crypt_pass) | ||
| 644 | rc = 1; | ||
| 645 | else | ||
| 646 | rc = strcmp (sql_pass, crypt_pass); | ||
| 643 | break; | 647 | break; |
| 644 | 648 | ||
| 645 | case password_scrambled: | 649 | case password_scrambled: | ... | ... |
-
Please register or sign in to post a comment