mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-23 21:41:07 +01:00
Handle NULL return from crypt(3). Mostly from DragonFly
This commit is contained in:
parent
5bfdf7f990
commit
29dcf726d2
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=231994
@ -657,7 +657,8 @@ single_user(void)
|
||||
_exit(0);
|
||||
password = crypt(clear, pp->pw_passwd);
|
||||
bzero(clear, _PASSWORD_LEN);
|
||||
if (strcmp(password, pp->pw_passwd) == 0)
|
||||
if (password == NULL ||
|
||||
strcmp(password, pp->pw_passwd) == 0)
|
||||
break;
|
||||
warning("single-user login failed\n");
|
||||
}
|
||||
|
@ -94,6 +94,9 @@ main(int argc, char **argv)
|
||||
#ifdef YP
|
||||
char *master;
|
||||
#endif
|
||||
#ifdef YPPASSWD
|
||||
char *cryptpw;
|
||||
#endif
|
||||
|
||||
while ((ch = getopt(argc, argv, "f")) != -1)
|
||||
switch(ch) {
|
||||
@ -149,7 +152,8 @@ main(int argc, char **argv)
|
||||
pass = getpass("Password:");
|
||||
#ifdef YPPASSWD
|
||||
if (!force) {
|
||||
if (strcmp(crypt(pass, pw->pw_passwd), pw->pw_passwd) != 0)
|
||||
cryptpw = crypt(pass, pw->pw_passwd);
|
||||
if (cryptpw == NULL || strcmp(cryptpw, pw->pw_passwd) != 0)
|
||||
errx(1, "invalid password");
|
||||
}
|
||||
#else
|
||||
|
@ -41,9 +41,15 @@ setup(char *pw)
|
||||
char salt[3];
|
||||
unsigned rnd;
|
||||
int32_t seed;
|
||||
char *cryptpw;
|
||||
|
||||
strlcpy(salt, pw, sizeof(salt));
|
||||
memcpy(buf, crypt(pw, salt), sizeof(buf));
|
||||
cryptpw = crypt(pw, salt);
|
||||
if (cryptpw == NULL) {
|
||||
fprintf(stderr, "crypt(3) failure\n");
|
||||
exit(1);
|
||||
}
|
||||
memcpy(buf, cryptpw, sizeof(buf));
|
||||
seed = 123;
|
||||
for (i=0; i<13; i++)
|
||||
seed = seed*buf[i] + i;
|
||||
|
@ -94,7 +94,7 @@ main(int argc, char **argv)
|
||||
struct itimerval ntimer, otimer;
|
||||
struct tm *timp;
|
||||
int ch, failures, sectimeout, usemine, vtylock;
|
||||
char *ap, *mypw, *ttynam, *tzn;
|
||||
char *ap, *cryptpw, *mypw, *ttynam, *tzn;
|
||||
char hostname[MAXHOSTNAMELEN], s[BUFSIZ], s1[BUFSIZ];
|
||||
|
||||
openlog("lock", LOG_ODELAY, LOG_AUTH);
|
||||
@ -222,7 +222,8 @@ main(int argc, char **argv)
|
||||
}
|
||||
if (usemine) {
|
||||
s[strlen(s) - 1] = '\0';
|
||||
if (!strcmp(mypw, crypt(s, mypw)))
|
||||
cryptpw = crypt(s, mypw);
|
||||
if (cryptpw == NULL || !strcmp(mypw, cryptpw))
|
||||
break;
|
||||
}
|
||||
else if (!strcmp(s, s1))
|
||||
|
@ -151,7 +151,7 @@ addgroup(const char *grpname)
|
||||
int dbmember, i, ngrps;
|
||||
gid_t egid;
|
||||
struct group *grp;
|
||||
char *ep, *pass;
|
||||
char *ep, *pass, *cryptpw;
|
||||
char **p;
|
||||
|
||||
egid = getegid();
|
||||
@ -178,8 +178,10 @@ addgroup(const char *grpname)
|
||||
}
|
||||
if (!dbmember && *grp->gr_passwd != '\0' && getuid() != 0) {
|
||||
pass = getpass("Password:");
|
||||
if (pass == NULL ||
|
||||
strcmp(grp->gr_passwd, crypt(pass, grp->gr_passwd)) != 0) {
|
||||
if (pass == NULL)
|
||||
return;
|
||||
cryptpw = crypt(pass, grp->gr_passwd);
|
||||
if (cryptpw == NULL || strcmp(grp->gr_passwd, cryptpw) != 0) {
|
||||
fprintf(stderr, "Sorry\n");
|
||||
return;
|
||||
}
|
||||
|
@ -126,9 +126,11 @@ auth_CheckPasswd(const char *name, const char *data, const char *key)
|
||||
/* Then look up the real password database */
|
||||
struct passwd *pw;
|
||||
int result;
|
||||
char *cryptpw;
|
||||
|
||||
cryptpw = crypt(key, pw->pw_passwd);
|
||||
result = (pw = getpwnam(name)) &&
|
||||
!strcmp(crypt(key, pw->pw_passwd), pw->pw_passwd);
|
||||
(cryptpw == NULL || !strcmp(cryptpw, pw->pw_passwd));
|
||||
endpwent();
|
||||
return result;
|
||||
#else /* !NOPAM */
|
||||
|
@ -1028,6 +1028,7 @@ pw_pwcrypt(char *password)
|
||||
{
|
||||
int i;
|
||||
char salt[SALTSIZE + 1];
|
||||
char *cryptpw;
|
||||
|
||||
static char buf[256];
|
||||
|
||||
@ -1038,7 +1039,10 @@ pw_pwcrypt(char *password)
|
||||
salt[i] = chars[arc4random_uniform(sizeof(chars) - 1)];
|
||||
salt[SALTSIZE] = '\0';
|
||||
|
||||
return strcpy(buf, crypt(password, salt));
|
||||
cryptpw = crypt(password, salt);
|
||||
if (cryptpw == NULL)
|
||||
errx(EX_CONFIG, "crypt(3) failure");
|
||||
return strcpy(buf, cryptpw);
|
||||
}
|
||||
|
||||
|
||||
|
@ -460,6 +460,7 @@ yppasswdproc_update_1_svc(yppasswd *argp, struct svc_req *rqstp)
|
||||
int passwd_changed = 0;
|
||||
int shell_changed = 0;
|
||||
int gecos_changed = 0;
|
||||
char *cryptpw;
|
||||
char *oldshell = NULL;
|
||||
char *oldgecos = NULL;
|
||||
char *passfile_hold;
|
||||
@ -537,8 +538,8 @@ yppasswdproc_update_1_svc(yppasswd *argp, struct svc_req *rqstp)
|
||||
|
||||
/* Step 2: check that the supplied oldpass is valid. */
|
||||
|
||||
if (strcmp(crypt(argp->oldpass, yp_password.pw_passwd),
|
||||
yp_password.pw_passwd)) {
|
||||
cryptpw = crypt(argp->oldpass, yp_password.pw_passwd);
|
||||
if (cryptpw == NULL || strcmp(cryptpw, yp_password.pw_passwd)) {
|
||||
yp_error("rejected change attempt -- bad password");
|
||||
yp_error("client address: %s username: %s",
|
||||
inet_ntoa(rqhost->sin_addr),
|
||||
|
Loading…
Reference in New Issue
Block a user