diff options
author | Todd C. Miller <millert@cvs.openbsd.org> | 2004-03-10 21:23:18 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 2004-03-10 21:23:18 +0000 |
commit | 56d7d8a963877ba2ee5123ab43220c21f7fc6459 (patch) | |
tree | a85c127536a13eaf2d67439c00a13b7073629b06 | |
parent | a2434ce59115a27a0a870eb3ceb5242af6b8eea4 (diff) |
Check getpass() return value for NULL. Closes Pr 3706.
With help and OK from otto@.
-rw-r--r-- | usr.bin/passwd/local_passwd.c | 15 | ||||
-rw-r--r-- | usr.bin/passwd/yp_passwd.c | 15 |
2 files changed, 17 insertions, 13 deletions
diff --git a/usr.bin/passwd/local_passwd.c b/usr.bin/passwd/local_passwd.c index c236dff57df..e0b9436f82d 100644 --- a/usr.bin/passwd/local_passwd.c +++ b/usr.bin/passwd/local_passwd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: local_passwd.c,v 1.30 2003/06/20 16:53:27 deraadt Exp $ */ +/* $OpenBSD: local_passwd.c,v 1.31 2004/03/10 21:23:17 millert Exp $ */ /*- * Copyright (c) 1990 The Regents of the University of California. @@ -31,7 +31,7 @@ #ifndef lint /*static const char sccsid[] = "from: @(#)local_passwd.c 5.5 (Berkeley) 5/6/91";*/ -static const char rcsid[] = "$OpenBSD: local_passwd.c,v 1.30 2003/06/20 16:53:27 deraadt Exp $"; +static const char rcsid[] = "$OpenBSD: local_passwd.c,v 1.31 2004/03/10 21:23:17 millert Exp $"; #endif /* not lint */ #include <sys/types.h> @@ -155,10 +155,10 @@ getnewpasswd(struct passwd *pw, login_cap_t *lc, int authenticated) (void)printf("Changing local password for %s.\n", pw->pw_name); if (uid != 0 && pw->pw_passwd[0] != '\0') { p = getpass("Old password:"); - if (*p == '\0') { + if (p == NULL || *p == '\0') { (void)printf(UNCHANGED_MSG); pw_abort(); - exit(0); + exit(p == NULL ? 1 : 0); } if (strcmp(crypt(p, pw->pw_passwd), pw->pw_passwd)) { errno = EACCES; @@ -171,10 +171,10 @@ getnewpasswd(struct passwd *pw, login_cap_t *lc, int authenticated) for (buf[0] = '\0', tries = 0;;) { p = getpass("New password:"); - if (*p == '\0') { + if (p == NULL || *p == '\0') { (void)printf(UNCHANGED_MSG); pw_abort(); - exit(0); + exit(p == NULL ? 1 : 0); } if (strcmp(p, "s/key") == 0) { printf("That password collides with a system feature. Choose another.\n"); @@ -185,7 +185,8 @@ getnewpasswd(struct passwd *pw, login_cap_t *lc, int authenticated) && pwd_check(pw, lc, p) == 0) continue; strlcpy(buf, p, sizeof(buf)); - if (!strcmp(buf, getpass("Retype new password:"))) + p = getpass("Retype new password:"); + if (p != NULL && strcmp(buf, p) == 0) break; (void)printf("Mismatch; try again, EOF to quit.\n"); } diff --git a/usr.bin/passwd/yp_passwd.c b/usr.bin/passwd/yp_passwd.c index 9bcc8ac2ecc..0d9c5a53926 100644 --- a/usr.bin/passwd/yp_passwd.c +++ b/usr.bin/passwd/yp_passwd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: yp_passwd.c,v 1.25 2004/02/20 21:24:57 maja Exp $ */ +/* $OpenBSD: yp_passwd.c,v 1.26 2004/03/10 21:23:17 millert Exp $ */ /* * Copyright (c) 1988 The Regents of the University of California. @@ -30,7 +30,7 @@ */ #ifndef lint /*static const char sccsid[] = "from: @(#)yp_passwd.c 1.0 2/2/93";*/ -static const char rcsid[] = "$OpenBSD: yp_passwd.c,v 1.25 2004/02/20 21:24:57 maja Exp $"; +static const char rcsid[] = "$OpenBSD: yp_passwd.c,v 1.26 2004/03/10 21:23:17 millert Exp $"; #endif /* not lint */ #ifdef YP @@ -203,7 +203,8 @@ ypgetnewpasswd(struct passwd *pw, login_cap_t *lc, char **old_pass) if (pw->pw_passwd[0]) { p = getpass("Old password:"); - if (strcmp(crypt(p, pw->pw_passwd), pw->pw_passwd)) { + if (p == NULL || + strcmp(crypt(p, pw->pw_passwd), pw->pw_passwd)) { errno = EACCES; pw_error(NULL, 1, 1); } @@ -218,9 +219,10 @@ ypgetnewpasswd(struct passwd *pw, login_cap_t *lc, char **old_pass) for (buf[0] = '\0', tries = 0;;) { p = getpass("New password:"); - if (!*p) { + if (p == NULL || *p == '\0') { printf("Password unchanged.\n"); - pw_error(NULL, 0, 0); + pw_abort(); + exit(p == NULL ? 1 : 0); } if (strcmp(p, "s/key") == 0) { printf("That password collides with a system feature. " @@ -231,7 +233,8 @@ ypgetnewpasswd(struct passwd *pw, login_cap_t *lc, char **old_pass) && pwd_check(pw, lc, p) == 0) continue; strlcpy(buf, p, sizeof buf); - if (!strcmp(buf, getpass("Retype new password:"))) + p = getpass("Retype new password:"); + if (p != NULL && strcmp(buf, p) == 0) break; (void)printf("Mismatch; try again, EOF to quit.\n"); } |