From: Jo-Philipp Wich <jo@mein.io>
Date: Wed, 22 May 2019 12:25:52 +0000 (+0200)
Subject: session: handle NULL return values of crypt()
X-Git-Url: http://git.openwrt.org/?a=commitdiff_plain;h=569284a119f958154fe076f5bc06b031d59a71cc;p=project%2Frpcd.git

session: handle NULL return values of crypt()

The crypt() function may return NULL with errno ENOSYS when an attempt
was made to crypt the plaintext password using a salt requesting an
unsupported cipher.

Avoid triggering segmentation faults in the subsequent strcmp() operation
by checking for a non-NULL hash value.

Fixes: FS#2291
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
---

diff --git a/session.c b/session.c
index 3ed4519..13a2ef3 100644
--- a/session.c
+++ b/session.c
@@ -822,7 +822,7 @@ rpc_login_test_password(const char *hash, const char *password)
 
 	crypt_hash = crypt(password, hash);
 
-	return !strcmp(crypt_hash, hash);
+	return (crypt_hash && !strcmp(crypt_hash, hash));
 }
 
 static struct uci_section *