From 178b6f5864489f5ea2e910f68547964c220384f2 Mon Sep 17 00:00:00 2001
From: mancha <mancha1@hush.com>
Date: Sun, 7 Jul 2013 07:20:49 -0400
Subject: [PATCH] Handle NULL returns from glibc 2.17+ crypt().
Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL
(w/ NULL return) if the salt violates specifications. Additionally,
on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords
passed to crypt() fail with EPERM (w/ NULL return).
If using glibc's crypt(), check return value to avoid a possible
NULL pointer dereference.
---
programs/pluto/xauth.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/programs/pluto/xauth.c b/programs/pluto/xauth.c
index c3a14b1..9b5c70e 100644
--- a/programs/pluto/xauth.c
+++ b/programs/pluto/xauth.c
@@ -1070,8 +1070,8 @@ int do_md5_authentication(void *varg)
openswan_log("XAUTH: checking user(%s:%s) " , szuser, szconnid);
}
- /* Ok then now password check */
- if ( strcmp(cp, szpass ) == 0 )
+ /* Ok then now password check; Note: handle crypt() NULL returns */
+ if ( cp && strcmp(cp, szpass ) == 0 )
{
/* we have a winner */
fclose( fp );
--
1.8.1.6
distrib
>
Mageia
>
6
>
armv7hl
>
media
>
core-release-src
>
by-pkgid
>
8e6f31fb43c5dc7e676a6f6234c70858
>
files
>
5
