bug-cvs

[bug #39040] Fix potential NULL pointer dereference with glibc 2.17+


From: Petr Pisar
Subject: [bug #39040] Fix potential NULL pointer dereference with glibc 2.17+
Date: Thu, 23 May 2013 11:12:17 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:21.0) Gecko/20100101 Firefox/21.0

Follow-up Comment #1, bug #39040 (project cvs):

@@ -5632,9 +5633,11 @@ check_repository_password (username, pas
        host_user_tmp = username;

    /* Verify blank passwords directly, otherwise use crypt(). */
+   crypt_passwd = crypt (password, found_password);
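
Review bot: the added `crypt_passwd = crypt (password, found_password);` runs unconditionally, ahead of the `found_password == NULL` test further down, so crypt() can be handed a NULL salt. It also sits directly under a comment saying blank passwords are verified directly and crypt() is used only otherwise, which no longer matches the code. Suggest making the assignment conditional on `found_password != NULL` and leaving crypt_passwd NULL in the other case, so the call agrees with the comment.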

Do you think calling crypt(, NULL) is wise? The documentation does not describe
the behavior in this case. I would prefer to guard this call with a
(found_password != NULL) condition.


    if ((found_password == NULL)
-       || ((strcmp (found_password, crypt (password, found_password))
-        == 0)))
+       || (crypt_passwd != NULL
+               && (strcmp (found_password, crypt (password, found_password))
+           == 0)))
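
Review bot: in the new condition the `crypt_passwd != NULL` guard tests one crypt() result, while `strcmp` is still passed a second, separate `crypt (password, found_password)` call, so the pointer that was checked is not the pointer that gets dereferenced. Pass the stored value instead, as in `strcmp (found_password, crypt_passwd) == 0`, which ties the NULL check to the compared string and avoids hashing the password twice.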

Here you can replace the crypt() call with the already computed crypt_passwd
value.


    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?39040>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/



