session: handle NULL return values of crypt()

The crypt() function may return NULL with errno ENOSYS when an attempt was made to crypt the plaintext password using a salt requesting an unsupported cipher. Avoid triggering segmentation faults in the subsequent strcmp() operation by checking for a non-NULL hash value. Fixes: FS#2291 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
author: Jo-Philipp Wich 2019-05-22 12:25:52 +0000
committer: Jo-Philipp Wich 2019-05-22 12:25:52 +0000
commit: 569284a119f958154fe076f5bc06b031d59a71cc (patch)
tree: c4d8820ff5600ce8db782435deefac6d71c32b4b
parent: d610800a0f483a0f4af58f08bc4ac84c4ba3e07e (diff)
download: rpcd-569284a119f958154fe076f5bc06b031d59a71cc.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/session.c b/session.c
index 3ed4519..13a2ef3 100644
--- a/session.c
+++ b/session.c
@@ -822,7 +822,7 @@ rpc_login_test_password(const char *hash, const char *password)
 
 	crypt_hash = crypt(password, hash);
 
-	return !strcmp(crypt_hash, hash);
+	return (crypt_hash && !strcmp(crypt_hash, hash));
 }
 
 static struct uci_section *
author	Jo-Philipp Wich	2019-05-22 12:25:52 +0000
committer	Jo-Philipp Wich	2019-05-22 12:25:52 +0000
commit	569284a119f958154fe076f5bc06b031d59a71cc (patch)
tree	c4d8820ff5600ce8db782435deefac6d71c32b4b
parent	d610800a0f483a0f4af58f08bc4ac84c4ba3e07e (diff)
download	rpcd-569284a119f958154fe076f5bc06b031d59a71cc.tar.gz