[bug #39040] Fix potential NULL pointer dereference with glibc 2.17+
From: Petr Pisar
Subject: [bug #39040] Fix potential NULL pointer dereference with glibc 2.17+
Date: Thu, 23 May 2013 11:12:17 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:21.0) Gecko/20100101 Firefox/21.0

Follow-up Comment #1, bug #39040 (project cvs):
@@ -5632,9 +5633,11 @@ check_repository_password (username, pas
host_user_tmp = username;
/* Verify blank passwords directly, otherwise use crypt(). */
+ crypt_passwd = crypt (password, found_password);

Do you think calling crypt(, NULL) is wise? The documentation does not describe
the behavior in this case. I would prefer to guard this call with a
(found_password != NULL) condition.

if ((found_password == NULL)
- || ((strcmp (found_password, crypt (password, found_password))
- == 0)))
+ || (crypt_passwd != NULL
+ && (strcmp (found_password, crypt (password, found_password))
+ == 0)))

Here you can replace the crypt() call with the already computed crypt_passwd
value.

_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?39040>