packages/openssh
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
openssh/in-pick_salt-avoid-dereference-of-NULL-passwords.patch

31 lines
973 B
Diff
Raw Normal View History

Package init
2019-09-30 11:10:51 -04:00
From d1d301a1dd5d6cc3a9ed93ab7ab09dda4cb456e0 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Wed, 10 Oct 2018 14:57:00 +1100
Subject: [PATCH 064/294] in pick_salt() avoid dereference of NULL passwords
Apparently some NIS implementations can leave pw->pw_passwd (or the
shadow equivalent) NULL.
bz#2909; based on patch from Todd Eigenschink
---
openbsd-compat/xcrypt.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c
index c9c6283..360b187 100644
--- a/openbsd-compat/xcrypt.c
+++ b/openbsd-compat/xcrypt.c
@@ -82,7 +82,8 @@ pick_salt(void)
strlcpy(salt, "xx", sizeof(salt));
setpwent();
while ((pw = getpwent()) != NULL) {
- passwd = shadow_pw(pw);
+ if ((passwd = shadow_pw(pw)) == NULL)
+ continue;
if (passwd[0] == '$' && (p = strrchr(passwd+1, '$')) != NULL) {
typelen = p - passwd + 1;
strlcpy(salt, passwd, MIN(typelen, sizeof(salt)));
--
1.8.3.1
Reference in New Issue Copy Permalink