[openssh-commits] [openssh] 01/01: in pick_salt() avoid dereference of NULL passwords
git+noreply at mindrot.org
git+noreply at mindrot.org
Wed Oct 10 14:58:43 AEDT 2018
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit d1d301a1dd5d6cc3a9ed93ab7ab09dda4cb456e0
Author: Damien Miller <djm at mindrot.org>
Date: Wed Oct 10 14:57:00 2018 +1100
in pick_salt() avoid dereference of NULL passwords
Apparently some NIS implementations can leave pw->pw_passwd (or the
shadow equivalent) NULL.
bz#2909; based on patch from Todd Eigenschink
---
openbsd-compat/xcrypt.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c
index c9c6283c..360b187a 100644
--- a/openbsd-compat/xcrypt.c
+++ b/openbsd-compat/xcrypt.c
@@ -82,7 +82,8 @@ pick_salt(void)
strlcpy(salt, "xx", sizeof(salt));
setpwent();
while ((pw = getpwent()) != NULL) {
- passwd = shadow_pw(pw);
+ if ((passwd = shadow_pw(pw)) == NULL)
+ continue;
if (passwd[0] == '$' && (p = strrchr(passwd+1, '$')) != NULL) {
typelen = p - passwd + 1;
strlcpy(salt, passwd, MIN(typelen, sizeof(salt)));
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list