blob: 3184210dde6f2032261aa39f597f13509202205f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
# HG changeset patch
# User Matt Johnston <matt@ucc.asn.au>
# Date 1367250157 -28800
# Node ID 7bd88d546627ff31d0e2d91e6022b3e77a943efb
# Parent ea04e3eb03e2c3d59d82e361882711de844068a4
Avoid segfault for locked accounts (invalid salt to crypt())
diff -r ea04e3eb03e2 -r 7bd88d546627 svr-authpasswd.c
--- a/svr-authpasswd.c Thu Apr 18 23:15:17 2013 +0800
+++ b/svr-authpasswd.c Mon Apr 29 23:42:37 2013 +0800
@@ -66,6 +66,14 @@
m_burn(password, passwordlen);
m_free(password);
+ if (testcrypt == NULL) {
+ /* crypt() with an invalid salt like "!!" */
+ dropbear_log(LOG_WARNING, "User account '%s' is locked",
+ ses.authstate.pw_name);
+ send_msg_userauth_failure(0, 1);
+ return;
+ }
+
/* check for empty password */
if (passwdcrypt[0] == '\0') {
dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected",
|