|
 |
36e843 |
From f3ba6614adc715b658fa7ba8de380c5890665de5 Mon Sep 17 00:00:00 2001
|
|
|
36e843 |
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
|
|
|
36e843 |
Date: Wed, 5 Jun 2013 09:08:42 +0200
|
|
|
36e843 |
Subject: [PATCH] crypt(3) can return NULL
|
|
|
36e843 |
|
|
|
36e843 |
crypt(3) can fail and return NULL since glibc-2.17. This patch
|
|
|
36e843 |
prevents from crashing CVS in that case.
|
|
|
36e843 |
|
|
|
36e843 |
Patch ported from upstream report
|
|
|
36e843 |
<https://savannah.nongnu.org/bugs/index.php?39040> developed by
|
|
|
36e843 |
<mancha1@hush.com>.
|
|
|
36e843 |
---
|
|
|
36e843 |
src/server.c | 14 +++++++++-----
|
|
|
36e843 |
1 file changed, 9 insertions(+), 5 deletions(-)
|
|
|
36e843 |
|
|
|
36e843 |
diff --git a/src/server.c b/src/server.c
|
|
|
36e843 |
index bc6f0d0..348338c 100644
|
|
|
36e843 |
--- a/src/server.c
|
|
|
36e843 |
+++ b/src/server.c
|
|
|
36e843 |
@@ -5647,9 +5647,11 @@ check_repository_password (username, password, repository, host_user_ptr)
|
|
|
36e843 |
host_user_tmp = username;
|
|
|
36e843 |
|
|
|
36e843 |
/* Verify blank passwords directly, otherwise use crypt(). */
|
|
|
36e843 |
+ char *crypt_passwd = found_password ? crypt (password, found_password): NULL;
|
|
|
36e843 |
if ((found_password == NULL)
|
|
|
36e843 |
- || ((strcmp (found_password, crypt (password, found_password))
|
|
|
36e843 |
- == 0)))
|
|
|
36e843 |
+ || (crypt_passwd != NULL
|
|
|
36e843 |
+ && (strcmp (found_password, crypt_passwd)
|
|
|
36e843 |
+ == 0)))
|
|
|
36e843 |
{
|
|
|
36e843 |
/* Give host_user_ptr permanent storage. */
|
|
|
36e843 |
*host_user_ptr = xstrdup (host_user_tmp);
|
|
|
36e843 |
@@ -5660,7 +5662,7 @@ check_repository_password (username, password, repository, host_user_ptr)
|
|
|
36e843 |
#ifdef LOG_AUTHPRIV
|
|
|
36e843 |
syslog (LOG_AUTHPRIV | LOG_NOTICE,
|
|
|
36e843 |
"password mismatch for %s in %s: %s vs. %s", username,
|
|
|
36e843 |
- repository, crypt(password, found_password), found_password);
|
|
|
36e843 |
+ repository, crypt_passwd, found_password);
|
|
|
36e843 |
#endif
|
|
|
36e843 |
*host_user_ptr = NULL;
|
|
|
36e843 |
retval = 2;
|
|
|
36e843 |
@@ -5869,7 +5871,9 @@ error %s getnameinfo failed\n", strerror (errno));
|
|
|
36e843 |
pamh = NULL;
|
|
|
36e843 |
}
|
|
|
36e843 |
#else
|
|
|
36e843 |
- if (strcmp (found_passwd, crypt (password, found_passwd)) == 0)
|
|
|
36e843 |
+ char *crypt_passwd = crypt (password, found_passwd);
|
|
|
36e843 |
+ if ((crypt_passwd != NULL) &&
|
|
|
36e843 |
+ (strcmp (found_passwd, crypt_passwd) == 0))
|
|
|
36e843 |
{
|
|
|
36e843 |
host_user = xstrdup (username);
|
|
|
36e843 |
}
|
|
|
36e843 |
@@ -5879,7 +5883,7 @@ error %s getnameinfo failed\n", strerror (errno));
|
|
|
36e843 |
#ifdef LOG_AUTHPRIV
|
|
|
36e843 |
syslog (LOG_AUTHPRIV | LOG_NOTICE,
|
|
|
36e843 |
"password mismatch for %s: %s vs. %s", username,
|
|
|
36e843 |
- crypt(password, found_passwd), found_passwd);
|
|
|
36e843 |
+ crypt_passwd, found_passwd);
|
|
|
36e843 |
#endif
|
|
|
36e843 |
}
|
|
|
36e843 |
#endif
|
|
|
36e843 |
--
|
|
|
36e843 |
1.8.1.4
|
|
|
36e843 |
|