Handle NULL return from crypt(3). Mostly from DragonFly

svn path=/head/; revision=231994
2024-11-23 19:31:09 +01:00 · 2012-02-22 06:27:20 +00:00 · 2012-02-22 06:27:20 +00:00 · 29dcf726d2 · 2020-12-20 02:59:44 +00:00
commit 29dcf726d2
parent 5bfdf7f990
8 changed files with 33 additions and 12 deletions
--- a/sbin/init/init.c
+++ b/sbin/init/init.c
@ -657,7 +657,8 @@ single_user(void)
 					_exit(0);
 				password = crypt(clear, pp->pw_passwd);
 				bzero(clear, _PASSWORD_LEN);
-				if (strcmp(password, pp->pw_passwd) == 0)
+				if (password == NULL || 
+				    strcmp(password, pp->pw_passwd) == 0)
 					break;
 				warning("single-user login failed\n");
 			}
--- a/usr.bin/chkey/chkey.c
+++ b/usr.bin/chkey/chkey.c
@ -94,6 +94,9 @@ main(int argc, char **argv)
 #ifdef YP
 	char *master;
 #endif
+#ifdef YPPASSWD
+	char *cryptpw;
+#endif

 	while ((ch = getopt(argc, argv, "f")) != -1)
 		switch(ch) {
@ -149,7 +152,8 @@ main(int argc, char **argv)
 	pass = getpass("Password:");
 #ifdef YPPASSWD
 	if (!force) {
-		if (strcmp(crypt(pass, pw->pw_passwd), pw->pw_passwd) != 0)
+		cryptpw = crypt(pass, pw->pw_passwd);
+		if (cryptpw == NULL || strcmp(cryptpw, pw->pw_passwd) != 0)
 			errx(1, "invalid password");
 	}
 #else
--- a/usr.bin/enigma/enigma.c
+++ b/usr.bin/enigma/enigma.c
@ -41,9 +41,15 @@ setup(char *pw)
 	char salt[3];
 	unsigned rnd;
 	int32_t seed;
+	char *cryptpw;

 	strlcpy(salt, pw, sizeof(salt));
-	memcpy(buf, crypt(pw, salt), sizeof(buf));
+	cryptpw = crypt(pw, salt);
+	if (cryptpw == NULL) {
+		fprintf(stderr, "crypt(3) failure\n");
+		exit(1);
+	}
+	memcpy(buf, cryptpw, sizeof(buf));
 	seed = 123;
 	for (i=0; i<13; i++)
 		seed = seed*buf[i] + i;
--- a/usr.bin/lock/lock.c
+++ b/usr.bin/lock/lock.c
@ -94,7 +94,7 @@ main(int argc, char **argv)
 	struct itimerval ntimer, otimer;
 	struct tm *timp;
 	int ch, failures, sectimeout, usemine, vtylock;
-	char *ap, *mypw, *ttynam, *tzn;
+	char *ap, *cryptpw, *mypw, *ttynam, *tzn;
 	char hostname[MAXHOSTNAMELEN], s[BUFSIZ], s1[BUFSIZ];

 	openlog("lock", LOG_ODELAY, LOG_AUTH);
@ -222,7 +222,8 @@ main(int argc, char **argv)
 		}
 		if (usemine) {
 			s[strlen(s) - 1] = '\0';
-			if (!strcmp(mypw, crypt(s, mypw)))
+			cryptpw = crypt(s, mypw);
+			if (cryptpw == NULL || !strcmp(mypw, cryptpw))
 				break;
 		}
 		else if (!strcmp(s, s1))
--- a/usr.bin/newgrp/newgrp.c
+++ b/usr.bin/newgrp/newgrp.c
@ -151,7 +151,7 @@ addgroup(const char *grpname)
 	int dbmember, i, ngrps;
 	gid_t egid;
 	struct group *grp;
-	char *ep, *pass;
+	char *ep, *pass, *cryptpw;
 	char **p;

 	egid = getegid();
@ -178,8 +178,10 @@ addgroup(const char *grpname)
 		}
 	if (!dbmember && *grp->gr_passwd != '\0' && getuid() != 0) {
 		pass = getpass("Password:");
-		if (pass == NULL ||
-		    strcmp(grp->gr_passwd, crypt(pass, grp->gr_passwd)) != 0) {
+		if (pass == NULL)
+			return;
+		cryptpw = crypt(pass, grp->gr_passwd);
+		if (cryptpw == NULL || strcmp(grp->gr_passwd, cryptpw) != 0) {
 			fprintf(stderr, "Sorry\n");
 			return;
 		}
--- a/usr.sbin/ppp/auth.c
+++ b/usr.sbin/ppp/auth.c
@ -126,9 +126,11 @@ auth_CheckPasswd(const char *name, const char *data, const char *key)
    /* Then look up the real password database */
    struct passwd *pw;
    int result;
+    char *cryptpw;

+    cryptpw = crypt(key, pw->pw_passwd);
    result = (pw = getpwnam(name)) &&
-             !strcmp(crypt(key, pw->pw_passwd), pw->pw_passwd);
+             (cryptpw == NULL || !strcmp(cryptpw, pw->pw_passwd));
    endpwent();
    return result;
 #else /* !NOPAM */
--- a/usr.sbin/pw/pw_user.c
+++ b/usr.sbin/pw/pw_user.c
@ -1028,6 +1028,7 @@ pw_pwcrypt(char *password)
 {
 	int             i;
 	char            salt[SALTSIZE + 1];
+	char		*cryptpw;

 	static char     buf[256];

@ -1038,7 +1039,10 @@ pw_pwcrypt(char *password)
 		salt[i] = chars[arc4random_uniform(sizeof(chars) - 1)];
 	salt[SALTSIZE] = '\0';

-	return strcpy(buf, crypt(password, salt));
+	cryptpw = crypt(password, salt);
+	if (cryptpw == NULL)
+		errx(EX_CONFIG, "crypt(3) failure");
+	return strcpy(buf, cryptpw);
 }


--- a/usr.sbin/rpc.yppasswdd/yppasswdd_server.c
+++ b/usr.sbin/rpc.yppasswdd/yppasswdd_server.c
@ -460,6 +460,7 @@ yppasswdproc_update_1_svc(yppasswd *argp, struct svc_req *rqstp)
 	int passwd_changed = 0;
 	int shell_changed = 0;
 	int gecos_changed = 0;
+	char *cryptpw;
 	char *oldshell = NULL;
 	char *oldgecos = NULL;
 	char *passfile_hold;
@ -537,8 +538,8 @@ yppasswdproc_update_1_svc(yppasswd *argp, struct svc_req *rqstp)

 	/* Step 2: check that the supplied oldpass is valid. */

-	if (strcmp(crypt(argp->oldpass, yp_password.pw_passwd),
-					yp_password.pw_passwd)) {
+	cryptpw = crypt(argp->oldpass, yp_password.pw_passwd);
+	if (cryptpw == NULL || strcmp(cryptpw, yp_password.pw_passwd)) {
 		yp_error("rejected change attempt -- bad password");
 		yp_error("client address: %s username: %s",
 			  inet_ntoa(rqhost->sin_addr),