Don't crash if crypt() fails.
It can fail, so make sure it doesn't before comparing its result with
the password.

This addresses Include Security issue F12: [libpcap] Remote Packet
Capture Daemon Null Pointer Dereference Denial of Service.
guyharris committed Sep 30, 2019
1 parent bf4a63b commit 437b273
Showing 1 changed file with 8 additions and 1 deletion.
9 changes: 8 additions & 1 deletion rpcapd/daemon.c
Expand Up @@ -1222,6 +1222,7 @@ daemon_AuthUserPwd(char *username, char *password, char *errbuf)
#ifdef HAVE_GETSPNAM
struct spwd *usersp;
#endif
char *crypt_password;

// This call is needed to get the uid
if ((user = getpwnam(username)) == NULL)
Expand Down Expand Up @@ -1252,7 +1253,13 @@ daemon_AuthUserPwd(char *username, char *password, char *errbuf)
user_password = user->pw_passwd;
#endif

if (strcmp(user_password, (char *) crypt(password, user_password)) != 0)
crypt_password = crypt(password, user_password);
if (crypt_password == NULL)
{
pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
return -1;
}
if (strcmp(user_password, crypt_password) != 0)
{
pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed: user name or password incorrect");
return -1;
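Review bot: the new NULL branch discards the reason crypt() failed. crypt() sets errno when it returns NULL (for example when the hash stored in user_password uses a method the C library does not support), which indicates a server-side configuration problem rather than a bad credential, so log errno on the daemon side before returning; the generic "Authentication failed" text placed in errbuf is fine to keep if errbuf is relayed to the client, since it reveals no more than the wrong-password branch does. Two further points on the lines that follow: `strcmp(user_password, crypt_password)` stops at the first differing byte, so a fixed-time comparison over the full length would remove the timing difference between hashes that share a prefix and those that do not, and crypt() returns a pointer to static storage, so crypt_r() (where available) is the safer choice if the daemon can authenticate more than one session concurrently.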