Upstream-Status: Backport Signed-off-by: Ross Burton # HG changeset patch # User Todd C. Miller # Date 1365700240 14400 # Node ID 887b9df243df5254e56c467a016f1b0a7a8507dd # Parent fd7eda53cdd76aaf8336800c61005ae93de95ac7 Check for crypt() returning NULL. Traditionally, crypt() never returned NULL but newer versions of eglibc have a crypt() that does. Bug #598 diff -r fd7eda53cdd7 -r 887b9df243df plugins/sudoers/auth/passwd.c --- a/plugins/sudoers/auth/passwd.c Thu Apr 11 09:09:53 2013 -0400 +++ b/plugins/sudoers/auth/passwd.c Thu Apr 11 13:10:40 2013 -0400 @@ -68,15 +68,15 @@ char sav, *epass; char *pw_epasswd = auth->data; size_t pw_len; - int error; + int matched = 0; debug_decl(sudo_passwd_verify, SUDO_DEBUG_AUTH) pw_len = strlen(pw_epasswd); #ifdef HAVE_GETAUTHUID /* Ultrix shadow passwords may use crypt16() */ - error = strcmp(pw_epasswd, (char *) crypt16(pass, pw_epasswd)); - if (!error) + epass = (char *) crypt16(pass, pw_epasswd); + if (epass != NULL && strcmp(pw_epasswd, epass) == 0) debug_return_int(AUTH_SUCCESS); #endif /* HAVE_GETAUTHUID */ @@ -95,12 +95,14 @@ */ epass = (char *) crypt(pass, pw_epasswd); pass[8] = sav; - if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN) - error = strncmp(pw_epasswd, epass, DESLEN); - else - error = strcmp(pw_epasswd, epass); + if (epass != NULL) { + if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN) + matched = !strncmp(pw_epasswd, epass, DESLEN); + else + matched = !strcmp(pw_epasswd, epass); + } - debug_return_int(error ? AUTH_FAILURE : AUTH_SUCCESS); + debug_return_int(matched ? AUTH_SUCCESS : AUTH_FAILURE); } int diff -r fd7eda53cdd7 -r 887b9df243df plugins/sudoers/auth/secureware.c --- a/plugins/sudoers/auth/secureware.c Thu Apr 11 09:09:53 2013 -0400 +++ b/plugins/sudoers/auth/secureware.c Thu Apr 11 13:10:40 2013 -0400 @@ -73,30 +73,28 @@ sudo_secureware_verify(struct passwd *pw, char *pass, sudo_auth *auth) { char *pw_epasswd = auth->data; + char *epass = NULL; debug_decl(sudo_secureware_verify, SUDO_DEBUG_AUTH) #ifdef __alpha { extern int crypt_type; -# ifdef HAVE_DISPCRYPT - if (strcmp(pw_epasswd, dispcrypt(pass, pw_epasswd, crypt_type)) == 0) - debug_return_int(AUTH_SUCCESS); -# else - if (crypt_type == AUTH_CRYPT_BIGCRYPT) { - if (strcmp(pw_epasswd, bigcrypt(pass, pw_epasswd)) == 0) - debug_return_int(AUTH_SUCCESS); - } else if (crypt_type == AUTH_CRYPT_CRYPT16) { - if (strcmp(pw_epasswd, crypt(pass, pw_epasswd)) == 0) - debug_return_int(AUTH_SUCCESS); - } +# ifdef HAVE_DISPCRYPT + epass = dispcrypt(pass, pw_epasswd, crypt_type); +# else + if (crypt_type == AUTH_CRYPT_BIGCRYPT) + epass = bigcrypt(pass, pw_epasswd); + else if (crypt_type == AUTH_CRYPT_CRYPT16) + epass = crypt(pass, pw_epasswd); } -# endif /* HAVE_DISPCRYPT */ +# endif /* HAVE_DISPCRYPT */ #elif defined(HAVE_BIGCRYPT) - if (strcmp(pw_epasswd, bigcrypt(pass, pw_epasswd)) == 0) - debug_return_int(AUTH_SUCCESS); + epass = bigcrypt(pass, pw_epasswd); #endif /* __alpha */ - debug_return_int(AUTH_FAILURE); + if (epass != NULL && strcmp(pw_epasswd, epass) == 0) + debug_return_int(AUTH_SUCCESS); + debug_return_int(AUTH_FAILURE); } int