Attachment 187159 Details for Bug 222999 – crypt(3) - strcmp(3) seg-faults patch

[patch] crypt(3) - strcmp(3) seg-faults patch

0001-freebsd-crypt.diff (text/plain), 4.52 KB, created by Lubos Boucek on 2017-10-14 09:03:47 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Lubos Boucek

Created: 2017-10-14 09:03:47 UTC

Size: 4.52 KB

patch

obsolete

>Index: contrib/opie/opieftpd.c
>===================================================================
>--- contrib/opie/opieftpd.c	(revision 324609)
>+++ contrib/opie/opieftpd.c	(working copy)
>@@ -524,6 +524,7 @@
> VOIDRET pass FUNCTION((passwd), char *passwd)
> {
>   int legit = askpasswd + 1, i;
>+  char *cryptpw;
> 
>   if (logged_in || askpasswd == 0) {
>     reply(503, "Login with USER first.");
>@@ -535,8 +536,10 @@
>   if (!guest) { /* "ftp" is only account allowed no password */
> #endif	/* DOANONYMOUS */
>     i = opieverify(&opiestate, passwd);
>-    if (legit && i && pwok) 
>-      i = strcmp(crypt(passwd, pw->pw_passwd), pw->pw_passwd);
>+    if (legit && i && pwok) {
>+      cryptpw = crypt(passwd, pw->pw_passwd);
>+      i = (cryptpw == NULL || strcmp(cryptpw, pw->pw_passwd) != 0);
>+    }
>     if (!legit || i) {
>       reply(530, "Login incorrect.");
>       pw = NULL;
>Index: contrib/opie/opiesu.c
>===================================================================
>--- contrib/opie/opiesu.c	(revision 324609)
>+++ contrib/opie/opiesu.c	(working copy)
>@@ -309,6 +309,7 @@
>   struct passwd *pwd;
>   char *p = getlogin();
>   char buf[32];
>+  char *cryptpw;
> 
>   if ((pwd = getpwuid(getuid())) == NULL) {
>     syslog(LOG_CRIT, "'%s' failed for unknown uid %d on %s", argvbuf, getuid(), ttyname(2));
>@@ -425,7 +426,8 @@
> 
>   if (console) {
>     /* Try regular password check, if allowed */
>-    if (!strcmp(crypt(pbuf, thisuser.pw_passwd), thisuser.pw_passwd))
>+    cryptpw = crypt(pbuf, thisuser.pw_passwd);
>+    if (cryptpw != NULL && strcmp(cryptpw, thisuser.pw_passwd) == 0)
>       goto ok;
>   } else {
>     int i = opiegetsequence(&opie);
>Index: contrib/pam_modules/pam_passwdqc/pam_passwdqc.c
>===================================================================
>--- contrib/pam_modules/pam_passwdqc/pam_passwdqc.c	(revision 324609)
>+++ contrib/pam_modules/pam_passwdqc/pam_passwdqc.c	(working copy)
>@@ -318,7 +318,7 @@
> #endif
> 	pam_item_t item;
> 	lo_const char *user, *oldpass, *curpass;
>-	char *newpass, *randompass;
>+	char *newpass, *randompass, *cryptpw;
> 	const char *reason;
> 	int ask_oldauthtok;
> 	int randomonly, enforce, retries_left, retry_wanted;
>@@ -388,8 +388,9 @@
> 				spw = getspnam(user);
> 				endspent();
> 				if (spw) {
>-					if (strcmp(crypt(oldpass, spw->sp_pwdp),
>-					    spw->sp_pwdp))
>+					cryptpw = crypt(oldpass, spw->sp_pwdp);
>+					if (cryptpw == NULL || strcmp(cryptpw,
>+					    spw->sp_pwdp) != 0)
> 						status = PAM_AUTH_ERR;
> 					memset(spw->sp_pwdp, 0,
> 					    strlen(spw->sp_pwdp));
>@@ -397,8 +398,9 @@
> 					status = PAM_AUTH_ERR;
> 			} else
> #endif
>-			if (strcmp(crypt(oldpass, pw->pw_passwd),
>-			    pw->pw_passwd))
>+			cryptpw = crypt(oldpass, pw->pw_passwd);
>+			if (cryptpw == NULL || strcmp(cryptpw,
>+			    pw->pw_passwd) != 0)
> 				status = PAM_AUTH_ERR;
> 		}
> 		memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
>Index: crypto/heimdal/lib/roken/verify.c
>===================================================================
>--- crypto/heimdal/lib/roken/verify.c	(revision 324609)
>+++ crypto/heimdal/lib/roken/verify.c	(working copy)
>@@ -46,6 +46,7 @@
> unix_verify_user(char *user, char *password)
> {
>     struct passwd *pw;
>+    char *cryptpw;
> 
>     pw = k_getpwnam(user);
>     if(pw == NULL)
>@@ -52,7 +53,8 @@
> 	return -1;
>     if(strlen(pw->pw_passwd) == 0 && strlen(password) == 0)
> 	return 0;
>-    if(strcmp(crypt(password, pw->pw_passwd), pw->pw_passwd) == 0)
>+    cryptpw = crypt(password, pw->pw_passwd);
>+    if(cryptpw != NULL && strcmp(cryptpw, pw->pw_passwd) == 0)
>         return 0;
>     return -1;
> }
>Index: lib/libpam/modules/pam_unix/pam_unix.c
>===================================================================
>--- lib/libpam/modules/pam_unix/pam_unix.c	(revision 324609)
>+++ lib/libpam/modules/pam_unix/pam_unix.c	(working copy)
>@@ -92,6 +92,7 @@
> 	struct passwd *pwd;
> 	int retval;
> 	const char *pass, *user, *realpw, *prompt;
>+	char *cryptpw;
> 
> 	if (openpam_get_option(pamh, PAM_OPT_AUTH_AS_SELF)) {
> 		user = getlogin();
>@@ -125,7 +126,8 @@
> 	if (retval != PAM_SUCCESS)
> 		return (retval);
> 	PAM_LOG("Got password");
>-	if (strcmp(crypt(pass, realpw), realpw) == 0)
>+	cryptpw = crypt(pass, realpw);
>+	if (cryptpw != NULL && strcmp(cryptpw, realpw) == 0)
> 		return (PAM_SUCCESS);
> 
> 	PAM_VERBOSE_ERROR("UNIX authentication refused");
>@@ -345,7 +347,7 @@
> 		if (old_pass[0] == '\0' &&
> 		    !openpam_get_option(pamh, PAM_OPT_NULLOK))
> 			return (PAM_PERM_DENIED);
>-		if (strcmp(encrypted, pwd->pw_passwd) != 0)
>+		if (encrypted == NULL || strcmp(encrypted, pwd->pw_passwd) != 0)
> 			return (PAM_PERM_DENIED);
> 	}
> 	else if (flags & PAM_UPDATE_AUTHTOK) {

Actions: View | Diff

Attachments on bug 222999: 187159