Mercurial > dropbear
changeset 790:7bd88d546627
Avoid segfault for locked accounts (invalid salt to crypt())
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Mon, 29 Apr 2013 23:42:37 +0800 |
| parents | ea04e3eb03e2 |
| children | 0bf76f54de6f 0e17269254b6 |
| files | svr-authpasswd.c |
| diffstat | 1 files changed, 8 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/svr-authpasswd.c Thu Apr 18 23:15:17 2013 +0800 +++ b/svr-authpasswd.c Mon Apr 29 23:42:37 2013 +0800 @@ -66,6 +66,14 @@ m_burn(password, passwordlen); m_free(password); + if (testcrypt == NULL) { + /* crypt() with an invalid salt like "!!" */ + dropbear_log(LOG_WARNING, "User account '%s' is locked", + ses.authstate.pw_name); + send_msg_userauth_failure(0, 1); + return; + } + /* check for empty password */ if (passwdcrypt[0] == '\0') { dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected",