author | Otto Moerbeek <otto@cvs.openbsd.org> | 2004-11-02 08:03:56 +0000 |
---|---|---|
committer | Otto Moerbeek <otto@cvs.openbsd.org> | 2004-11-02 08:03:56 +0000 |
commit | cb1e42b7f357bbdf071d6811d04f6761652a9f69 (patch) | |
tree | 57e41e50a0e1b41929df3d5d5ed2deeef12b90c1 | |
parent | ffc0fe859d9e5b3235f03e36f744bad934ef196b (diff) |
Do not modify ro mem and plug a mem leak. Happens when no cipher
spec is found in login.conf. Found by Jerome Loyet. ok henning@
hshoexer@ and millert@ on an earlier version.
-rw-r--r-- | usr.bin/passwd/pwd_gensalt.c | 32 |
1 files changed, 23 insertions, 9 deletions
diff --git a/usr.bin/passwd/pwd_gensalt.c b/usr.bin/passwd/pwd_gensalt.c index a510c691713..9bf227e74f6 100644 --- a/usr.bin/passwd/pwd_gensalt.c +++ b/usr.bin/passwd/pwd_gensalt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pwd_gensalt.c,v 1.20 2004/07/15 17:23:44 millert Exp $ */ +/* $OpenBSD: pwd_gensalt.c,v 1.21 2004/11/02 08:03:55 otto Exp $ */ /* * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de> @@ -51,33 +51,44 @@ int pwd_gensalt(char *, int, login_cap_t *, char); int pwd_gensalt(char *salt, int saltlen, login_cap_t *lc, char type) { - char *next, *now; + char *next, *now, *oldnext; *salt = '\0'; switch (type) { case 'y': - next = login_getcapstr(lc, "ypcipher", YPCIPHER_DEF, - YPCIPHER_DEF); + next = login_getcapstr(lc, "ypcipher", NULL, NULL); + if (next == NULL && (next = strdup(YPCIPHER_DEF)) == NULL) { + warn(NULL); + return 0; + } break; case 'l': default: - next = login_getcapstr(lc, "localcipher", LOCALCIPHER_DEF, - LOCALCIPHER_DEF); + next = login_getcapstr(lc, "localcipher", NULL, NULL); + if (next == NULL && (next = strdup(LOCALCIPHER_DEF)) == NULL) { + warn(NULL); + return 0; + } break; } + oldnext = next; now = strsep(&next, ","); if (!strcmp(now, "old")) { - if (saltlen < 3) + if (saltlen < 3) { + free(oldnext); return 0; + } to64(&salt[0], arc4random(), 2); salt[2] = '\0'; } else if (!strcmp(now, "newsalt")) { u_int32_t rounds = atol(next); - if (saltlen < 10) + if (saltlen < 10) { + free(oldnext); return 0; + } /* Check rounds, 24 bit is max */ if (rounds < 7250) rounds = 7250; @@ -88,8 +99,10 @@ pwd_gensalt(char *salt, int saltlen, login_cap_t *lc, char type) to64(&salt[5], arc4random(), 4); salt[9] = '\0'; } else if (!strcmp(now, "md5")) { - if (saltlen < 13) /* $1$8salt$\0 */ + if (saltlen < 13) { /* $1$8salt$\0 */ + free(oldnext); return 0; + } strlcpy(salt, "$1$", saltlen); to64(&salt[3], arc4random(), 4); 
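Review bot: In the `newsalt` branch, `atol(next)` can still be reached with `next == NULL`, because `strsep(&next, ",")` sets `next` to NULL when the cipher spec contains no comma. A login.conf value of just `newsalt` would then pass a null pointer to `atol()`, which is undefined behaviour and typically a crash, instead of falling back to the 7250 minimum enforced a few lines below. Guarding the conversion, `u_int32_t rounds = next != NULL ? atol(next) : 0;`, lets the existing clamp supply the default. The function body continues past the end of this hunk, so any later conversion of `next` that is not shown here would need the same check.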
@@ -105,6 +118,7 @@ pwd_gensalt(char *salt, int saltlen, login_cap_t *lc, char type) strlcpy(salt, ":", saltlen); warnx("Unknown option %s.", now); } + free(oldnext); return 1; } |
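Review bot: The unknown-option branch falls through to the same `return 1` that follows the new `free(oldnext)`, so a cipher name that matches none of the earlier branches is reported to the caller as success with `salt` set to ":". If that value is meant as a deliberately unusable salt, a comment above the `strlcpy` such as `/* ":" marks the salt as unusable on purpose */` would record the intent. Otherwise the branch should fail closed with `free(oldnext); return 0;` after the `warnx`. How callers treat the ":" value is not visible in this diff, and the function's body begins outside the hunk.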