diff options
Diffstat (limited to 'source/ap/screen/screen.crypt.diff')
| -rw-r--r-- | source/ap/screen/screen.crypt.diff | 126 |
1 files changed, 0 insertions, 126 deletions
diff --git a/source/ap/screen/screen.crypt.diff b/source/ap/screen/screen.crypt.diff deleted file mode 100644 index 2c80efbb..00000000 --- a/source/ap/screen/screen.crypt.diff +++ /dev/null @@ -1,126 +0,0 @@ -From cbaa666d4f21988164068a38ac915f8b4f3c4da3 Mon Sep 17 00:00:00 2001 -From: Sadrul Habib Chowdhury <sadrul@users.sourceforge.net> -Date: Sat, 15 Sep 2012 03:40:23 +0000 -Subject: Guard against NULL returns from crypt(). - -crypt() can return NULL on an error. Make sure these nulls are -handled properly instead of crashing. The fix is thanks to a patch -from Lukás Nykrýn <lnykryn@redhat.com>. ---- -diff --git a/src/acls.c b/src/acls.c -index e728bb8..2f8c809 100644 ---- a/src/acls.c -+++ b/src/acls.c -@@ -455,6 +455,16 @@ int recursive; - return gp; /* *gp is NULL */ - } - -+static int -+PasswordMatches(pw, password) -+const char *pw, *password; -+{ -+ if (!*password) -+ return 0; -+ char *buf = crypt(pw, password); -+ return (buf && !strcmp(buf, password)); -+} -+ - /* - * Returns nonzero if failed or already linked. - * Both users are created on demand. -@@ -544,8 +554,7 @@ char *name, *pw1, *pw2; - - if (pw2 && *pw2 && *pw2 != '\377') /* provided a system password */ - { -- if (!*pass || /* but needed none */ -- strcmp(crypt(pw2, pass), pass)) -+ if (!PasswordMatches(pw2, pass)) - { - debug("System password mismatch\n"); - sorry++; -@@ -554,11 +563,10 @@ char *name, *pw1, *pw2; - else /* no pasword provided */ - if (*pass) /* but need one */ - sorry++; --#endif -+#endif /* CHECKLOGIN */ - if (pw1 && *pw1 && *pw1 != '\377') /* provided a screen password */ - { -- if (!*u->u_password || /* but needed none */ -- strcmp(crypt(pw1, u->u_password), u->u_password)) -+ if (!PasswordMatches(pw1, u->u_password)) - { - debug("screen password mismatch\n"); - sorry++; -diff --git a/src/attacher.c b/src/attacher.c -index 370d594..4e496be 100644 ---- a/src/attacher.c -+++ b/src/attacher.c -@@ -882,6 +882,12 @@ screen_builtin_lck() - salt[1] = 'A' + (int)((time(0) >> 6) % 26); - salt[2] = 0; - pass = crypt(mypass, salt); -+ if (!pass) -+ { -+ fprintf(stderr, "crypt() error.\007\n"); -+ sleep(2); -+ return; -+ } - pass = ppp->pw_passwd = SaveStr(pass); - } - #endif -@@ -924,7 +930,8 @@ screen_builtin_lck() - if (pam_error == PAM_SUCCESS) - break; - #else -- if (!strncmp(crypt(cp1, pass), pass, strlen(pass))) -+ char *buf = crypt(cp1, pass); -+ if (buf && !strncmp(buf, pass, strlen(pass))) - break; - #endif - debug("screen_builtin_lck: NO!!!!!\n"); -diff --git a/src/process.c b/src/process.c -index bdf9355..30497a3 100644 ---- a/src/process.c -+++ b/src/process.c -@@ -6360,6 +6360,12 @@ char *data; - buf = crypt(u->u_password, salt); - bzero(u->u_password, strlen(u->u_password)); - free((char *)u->u_password); -+ if (!buf) -+ { -+ Msg(0, "[ crypt() error - no secure ]"); -+ u->u_password = NullStr; -+ return; -+ } - u->u_password = SaveStr(buf); - bzero(buf, strlen(buf)); - #ifdef COPY_PASTE -diff --git a/src/socket.c b/src/socket.c -index 8f9a315..a7755a4 100644 ---- a/src/socket.c -+++ b/src/socket.c -@@ -1565,13 +1565,18 @@ int ilen; - c = *(unsigned char *)ibuf++; - if (c == '\r' || c == '\n') - { -+ char *buf = NULL; - up = D_user->u_password; - pwdata->buf[l] = 0; -- if (strncmp(crypt(pwdata->buf, up), up, strlen(up))) -+ buf = crypt(pwdata->buf, up); -+ if (!buf || strncmp(buf, up, strlen(up))) - { - /* uh oh, user failed */ - bzero(pwdata->buf, sizeof(pwdata->buf)); -- AddStr("\r\nPassword incorrect.\r\n"); -+ if (!buf) -+ AddStr("\r\ncrypt() failed.\r\n"); -+ else -+ AddStr("\r\nPassword incorrect.\r\n"); - D_processinputdata = 0; /* otherwise freed by FreeDis */ - FreeDisplay(); - Msg(0, "Illegal reattach attempt from terminal %s.", pwdata->m.m_tty); --- -cgit v0.9.0.2 - |