plain: avoid crash on locked accounts

That is, avoid a null pointer dereference when crypt()
fails.

Resolves #114

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos
2017-08-23 09:18:01 +02:00
parent a62fe8791d
commit 084fff8425


@@ -310,9 +310,15 @@ static int plain_auth_user(void *ctx, char *username, int username_size)
static int plain_auth_pass(void *ctx, const char *pass, unsigned pass_len)
{
struct plain_ctx_st *pctx = ctx;
const char *p;
p = crypt(pass, pctx->cpass);
if (p == NULL) {
pctx->failed = 1;
}
if (pctx->failed || (pctx->cpass[0] != 0
&& strcmp(crypt(pass, pctx->cpass), pctx->cpass) != 0)) {
&& strcmp(p, pctx->cpass) != 0)) {
if (pctx->retries++ < MAX_PASSWORD_TRIES-1) {
pctx->pass_msg = pass_msg_failed;
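Review bot: The new `if (p == NULL)` check sets `pctx->failed` even when `pctx->cpass` is empty, a case where the old condition skipped the comparison because of `pctx->cpass[0] != 0`. On a libc whose crypt() returns NULL for an empty or invalid salt, an entry with an empty stored hash would now always be rejected, which looks like a side effect of the crash fix rather than a stated goal. If the old behaviour should stay, narrow the check to `if (p == NULL && pctx->cpass[0] != 0) {`, which still keeps `strcmp(p, ...)` from ever seeing a NULL. If rejecting such entries is intended, add a comment above the check such as `/* crypt() returns NULL for locked or invalid hashes; treat as authentication failure */`. The body of plain_auth_pass continues outside the hunk, so whether `failed` is reset between retries cannot be checked from here.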