Browse Source

Handle NULL returns from crypt()

Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL
(w/ NULL return) if the salt violates specifications. Additionally,
on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords
passed to crypt() fail with EPERM (w/ NULL return).

When using glibc's crypt(), check return value to avoid a possible
NULL pointer dereference.

Signed-off-by: Nobuhiro Iwamatsu <iwamatsu@nigauri.org>
mancha 10 years ago
parent
commit
fbdfae3b40
1 changed files with 1 additions and 1 deletions
  1. 1 1
      app.cpp

+ 1 - 1
app.cpp

@@ -485,7 +485,7 @@ bool App::AuthenticateUser(bool focuspass){
 		return true;
 
 	encrypted = crypt(LoginPanel->GetPasswd().c_str(), correct);
-	return ((strcmp(encrypted, correct) == 0) ? true : false);
+	return ((encrypted && strcmp(encrypted, correct) == 0) ? true : false);
 }
 #endif