summaryrefslogtreecommitdiff
path: root/openbsd-compat/xcrypt.c
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2018-10-10 14:57:00 +1100
committerDamien Miller <djm@mindrot.org>2018-10-10 14:57:00 +1100
commitd1d301a1dd5d6cc3a9ed93ab7ab09dda4cb456e0 (patch)
treebd9f6991a1349aac33e657b7525fc64cda12945c /openbsd-compat/xcrypt.c
parentedbb6febccee084d212fdc0cb05b40cb1c646ab1 (diff)
in pick_salt() avoid dereference of NULL passwords
Apparently some NIS implementations can leave pw->pw_passwd (or the shadow equivalent) NULL. bz#2909; based on patch from Todd Eigenschink
Diffstat (limited to 'openbsd-compat/xcrypt.c')
-rw-r--r--openbsd-compat/xcrypt.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c
index c9c6283c..360b187a 100644
--- a/openbsd-compat/xcrypt.c
+++ b/openbsd-compat/xcrypt.c
@@ -82,7 +82,8 @@ pick_salt(void)
strlcpy(salt, "xx", sizeof(salt));
setpwent();
while ((pw = getpwent()) != NULL) {
- passwd = shadow_pw(pw);
+ if ((passwd = shadow_pw(pw)) == NULL)
+ continue;
if (passwd[0] == '$' && (p = strrchr(passwd+1, '$')) != NULL) {
typelen = p - passwd + 1;
strlcpy(salt, passwd, MIN(typelen, sizeof(salt)));