author | Todd C. Miller <millert@cvs.openbsd.org> | 2020-05-15 17:25:40 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 2020-05-15 17:25:40 +0000 |
commit | f51fc986312f9dc823769323a4add009163f821c (patch) | |
tree | 6f2ff004b1ad2c67b5dda97d2778cbca321d64e6 /libexec/login_passwd | |
parent | 5af6da5384374b874471380d47f42e34af7eb864 (diff) |
Fix handling of passwd entries with an empty password.
Initialize "pass" to the empty string instead of NULL, otherwise
crypt_checkpass() will dereference NULL.
From Yuichiro Naito via yasuoka@. OK deraadt@
Diffstat (limited to 'libexec/login_passwd')
-rw-r--r-- | libexec/login_passwd/login_passwd.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/libexec/login_passwd/login_passwd.c b/libexec/login_passwd/login_passwd.c
index cd4f54709d4..92790494489 100644
--- a/libexec/login_passwd/login_passwd.c
+++ b/libexec/login_passwd/login_passwd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: login_passwd.c,v 1.17 2019/12/24 13:13:33 millert Exp $ */
+/* $OpenBSD: login_passwd.c,v 1.18 2020/05/15 17:25:39 millert Exp $ */
 /*-
 * Copyright (c) 1995 Berkeley Software Design, Inc. All rights reserved.
@@ -56,7 +56,7 @@ main(int argc, char *argv[])
 {
 FILE *back = NULL;
 char *class = NULL, *username = NULL, *wheel = NULL;
- char response[1024], pbuf[1024], *pass = NULL;
+ char response[1024], pbuf[1024], *pass = "";
 int ch, rc, mode = 0, lastchance = 0;
 struct passwd *pwd;
@@ -151,6 +151,8 @@ main(int argc, char *argv[])
 if (pwd == NULL || *pwd->pw_passwd != '\0') {
 pass = readpassphrase("Password:", pbuf, sizeof(pbuf), RPP_ECHO_OFF);
+ if (pass == NULL)
+ fprintf(back, BI_REJECT "\n");
 }
 }
@@ -160,8 +162,7 @@ main(int argc, char *argv[])
 }
 rc = crypt_checkpass(pass, pwd ? pwd->pw_passwd : NULL);
- if (pass != NULL)
- explicit_bzero(pass, strlen(pass));
+ explicit_bzero(pass, strlen(pass));
 if (rc == 0) {
 if (login_check_expire(back, pwd, class, lastchance) == 0) {
 fprintf(back, BI_AUTH "\n"); |
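Review bot: The new initializer `*pass = ""` in the declarations hunk points a writable `char *` at a string literal, and nothing on that line says why. The later `explicit_bzero(pass, strlen(pass))` is safe for this value only because the length is zero, so a future change that clears a fixed size through `pass` would write into read-only storage. I would add a comment on the declaration, such as `/* "" rather than NULL: crypt_checkpass() must not see NULL; zero length, so clearing via pass writes nothing */`. The body of main continues outside this hunk.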
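Review bot: In the `@@ -151,6 +151,8 @@` hunk, the added `if (pass == NULL)` branch writes `BI_REJECT` but nothing visible stops execution, so `pass` is still NULL when control leaves the block. The last hunk then passes it to `crypt_checkpass()` and, with the `if (pass != NULL)` guard removed, to `strlen(pass)`. Unless the three lines between the two hunks (not shown) bail out, a failed `readpassphrase()` reaches the same NULL dereference this commit is fixing. I would brace the branch and leave main right after the reject line, i.e. `fprintf(back, BI_REJECT "\n");` followed by the failure return or exit that the rest of main uses. Alternatively, keep the NULL check around the clearing call in the final hunk.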