check crypt() for null. noticed by Jonas Termansen

author: tedu <> 2014-11-24 21:36:35 +0000
committer: tedu <> 2014-11-24 21:36:35 +0000
commit: b655215ea66ce8a38a7f44725eaa0dcd1fd21e41 (patch)
tree: 24c5b6ca8c307c739a10e656e98463b23c24a7b9 /src/lib/libc/crypt
parent: 1f94b5ec3433707aa3c72ab3fa5a81f5311d3c0f (diff)
download: openbsd-b655215ea66ce8a38a7f44725eaa0dcd1fd21e41.tar.gz
openbsd-b655215ea66ce8a38a7f44725eaa0dcd1fd21e41.tar.bz2
openbsd-b655215ea66ce8a38a7f44725eaa0dcd1fd21e41.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/libc/crypt/cryptutil.c b/src/lib/libc/crypt/cryptutil.c
index cadc67af81..ca8be8fa0f 100644
--- a/src/lib/libc/crypt/cryptutil.c
+++ b/src/lib/libc/crypt/cryptutil.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cryptutil.c,v 1.4 2014/11/21 12:32:38 schwarze Exp $ */
+/* $OpenBSD: cryptutil.c,v 1.5 2014/11/24 21:36:35 tedu Exp $ */
 /*
 * Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
 *
@@ -45,7 +45,7 @@ crypt_checkpass(const char *pass, const char *goodhash)
        /* have to do it the hard way */
        res = crypt(pass, goodhash);
-        if (strlen(res) != strlen(goodhash) ||
+        if (res == NULL || strlen(res) != strlen(goodhash) ||
            timingsafe_bcmp(res, goodhash, strlen(goodhash)) != 0) {
                goto fail;
        }
author	tedu <>	2014-11-24 21:36:35 +0000
committer	tedu <>	2014-11-24 21:36:35 +0000
commit	b655215ea66ce8a38a7f44725eaa0dcd1fd21e41 (patch)
tree	24c5b6ca8c307c739a10e656e98463b23c24a7b9 /src/lib/libc/crypt
parent	1f94b5ec3433707aa3c72ab3fa5a81f5311d3c0f (diff)
download	openbsd-b655215ea66ce8a38a7f44725eaa0dcd1fd21e41.tar.gz openbsd-b655215ea66ce8a38a7f44725eaa0dcd1fd21e41.tar.bz2 openbsd-b655215ea66ce8a38a7f44725eaa0dcd1fd21e41.zip

diff --git a/src/lib/libc/crypt/cryptutil.c b/src/lib/libc/crypt/cryptutil.c index cadc67af81..ca8be8fa0f 100644 --- a/src/lib/libc/crypt/cryptutil.c +++ b/src/lib/libc/crypt/cryptutil.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: cryptutil.c,v 1.4 2014/11/21 12:32:38 schwarze Exp $ */	1	/* $OpenBSD: cryptutil.c,v 1.5 2014/11/24 21:36:35 tedu Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>	3	* Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
4	*	4	*
@@ -45,7 +45,7 @@ crypt_checkpass(const char pass, const char goodhash)
45		45
46	/* have to do it the hard way */	46	/* have to do it the hard way */
47	res = crypt(pass, goodhash);	47	res = crypt(pass, goodhash);
48	if (strlen(res) != strlen(goodhash) \|\|	48	if (res == NULL \|\| strlen(res) != strlen(goodhash) \|\|
49	timingsafe_bcmp(res, goodhash, strlen(goodhash)) != 0) {	49	timingsafe_bcmp(res, goodhash, strlen(goodhash)) != 0) {
50	goto fail;	50	goto fail;
51	}	51	}