Created attachment 186736
auth.c patch

Hello,

In my opinion, the current code in usr.sbin/ppp/auth.c:auth_CheckPasswd (NOPAM section) is incorrect:
- pw is not initialized before use,
- success is returned if crypt(3) returns error (NULL).

I'm attaching a patch, please review.

Regards,
Lubos Boucek

Thanks Lubos. The patch (which correctly takes f4a9869feb646aafe72de6e5d61051a023a02676 from Dragonfly) looks good to me. The FreeBSD bug was introduced in r231994, which purported to take fixes from Dragonfly but seems to have introduced this bug in the process. After this, I'll spend some time reviewing that patch for other similar bugs.
Fixed in r324225.

A commit references this bug:

Author: cem
Date: Mon Oct 2 23:14:30 UTC 2017
New revision: 324225
URL: https://svnweb.freebsd.org/changeset/base/324225

Log:
  ppp(8): Fix various bugs in NOPAM section of auth_CheckPasswd

  * pw is not initialized before use
  * success is returned if crypt(3) errors

  These bugs were introduced in r231994, which attempted to adopt
  DragonflyBSD f4a9869feb646aafe72de6e5d61051a023a02676. The original
  author of the Dragonfly change also noticed these mistakes and filed the PR.

  PR: 222620
  Submitted by: Lubos Boucek <bouceklubos AT gmail.com>
  Obtained from: DragonflyBSD f4a9869feb646aafe72de6e5d61051a023a02676

Changes:
  head/usr.sbin/ppp/auth.c
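
The bug class reported in this PR, as an added example that is neither the ppp(8) source nor the attached patch: a password check that lets a NULL result from the hashing call fall through to success, next to one that fails closed. `toy_crypt`, `struct account`, `check_flawed`, `check_hardened` and the sample records are constructed for illustration; `toy_crypt` stands in for crypt(3) and is not a real hash.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for crypt(3): returns the hash string, or NULL on error. */
typedef const char *(*hash_fn)(const char *key, const char *setting);

/* Constructed record standing in for the struct passwd fields used. */
struct account { const char *name; const char *pw_hash; };

/* Constructed sample data: one usable entry, one with an unusable hash. */
static const struct account good   = { "alice", "$t$secret" };
static const struct account broken = { "bob",   "*" };

/* Toy hash, NOT a real KDF: fails (NULL) on any setting it does not know. */
static const char *toy_crypt(const char *key, const char *setting)
{
    static char out[64];
    if (strncmp(setting, "$t$", 3) != 0)
        return NULL;
    snprintf(out, sizeof out, "$t$%s", key);
    return out;
}

/* Flawed: only a non-NULL mismatch is rejected, so a hashing error passes. */
static int check_flawed(const struct account *a, const char *key, hash_fn h)
{
    const char *p = h(key, a->pw_hash);
    if (p != NULL && strcmp(p, a->pw_hash) != 0)
        return 0;
    return 1;
}

/* Hardened: a missing record or a hashing error is an auth failure. */
static int check_hardened(const struct account *a, const char *key, hash_fn h)
{
    if (a == NULL || a->pw_hash == NULL)
        return 0;
    const char *p = h(key, a->pw_hash);
    if (p == NULL)
        return 0;
    return strcmp(p, a->pw_hash) == 0;
}

int main(void)
{
    printf("flawed,   broken hash: %d\n", check_flawed(&broken, "guess", toy_crypt));
    printf("hardened, broken hash: %d\n", check_hardened(&broken, "guess", toy_crypt));
    printf("hardened, good pw:     %d\n", check_hardened(&good, "secret", toy_crypt));
    return 0;
}
```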