Mercurial > dropbear
comparison svr-authpasswd.c @ 790:7bd88d546627
Avoid segfault for locked accounts (invalid salt to crypt())
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Mon, 29 Apr 2013 23:42:37 +0800 |
| parents | c58a15983808 |
| children | a625f9e135a4 |
comparison
equal
deleted
inserted
replaced
| 789:ea04e3eb03e2 | 790:7bd88d546627 |
|---|---|
| 64 /* the first bytes of passwdcrypt are the salt */ | 64 /* the first bytes of passwdcrypt are the salt */ |
| 65 testcrypt = crypt((char*)password, passwdcrypt); | 65 testcrypt = crypt((char*)password, passwdcrypt); |
| 66 m_burn(password, passwordlen); | 66 m_burn(password, passwordlen); |
| 67 m_free(password); | 67 m_free(password); |
| 68 | 68 |
| 69 if (testcrypt == NULL) { | |
| 70 /* crypt() with an invalid salt like "!!" */ | |
| 71 dropbear_log(LOG_WARNING, "User account '%s' is locked", | |
| 72 ses.authstate.pw_name); | |
| 73 send_msg_userauth_failure(0, 1); | |
| 74 return; | |
| 75 } | |
| 76 | |
| 69 /* check for empty password */ | 77 /* check for empty password */ |
| 70 if (passwdcrypt[0] == '\0') { | 78 if (passwdcrypt[0] == '\0') { |
| 71 dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected", | 79 dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected", |
| 72 ses.authstate.pw_name); | 80 ses.authstate.pw_name); |
| 73 send_msg_userauth_failure(0, 1); | 81 send_msg_userauth_failure(0, 1); |