Handle NULL returns from glibc 2.17+ crypt().
Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL
(w/ NULL return) if the salt violates specifications. Additionally,
on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords
passed to crypt() fail with EPERM (w/ NULL return).

If using glibc's crypt(), check return value to avoid a possible
NULL pointer dereference.
mancha1 authored and Jehreg committed Jul 8, 2013
1 parent 31e261a commit 178b6f5
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions programs/pluto/xauth.c
Expand Up @@ -1070,8 +1070,8 @@ int do_md5_authentication(void *varg)
openswan_log("XAUTH: checking user(%s:%s) " , szuser, szconnid); openswan_log("XAUTH: checking user(%s:%s) " , szuser, szconnid);
} }


/* Ok then now password check */ /* Ok then now password check; Note: handle crypt() NULL returns */
if ( strcmp(cp, szpass ) == 0 ) if ( cp && strcmp(cp, szpass ) == 0 )
{ {
/* we have a winner */ /* we have a winner */
fclose( fp ); fclose( fp );
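Review bot: In the changed condition `if ( cp && strcmp(cp, szpass ) == 0 )`, a NULL return from crypt() now falls through to the same path as a wrong password, so a stored hash that glibc rejects (EINVAL for a bad salt, EPERM on a FIPS-enabled system, per the commit message) cannot be told apart from a failed login. Consider testing `cp == NULL` on its own before the comparison and reporting errno through openswan_log, so an administrator can see that the password entry itself needs re-hashing. The assignment of cp is outside this hunk, so confirm that errno still holds the value crypt() set at the point where it is logged.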