diff options
| author |   tedu <tedu@openbsd.org> | 2014-11-24 21:36:35 +0000 |
|---|---|---|
| committer | tedu <tedu@openbsd.org> | 2014-11-24 21:36:35 +0000 |
| commit | b44bde11068be8b64d65281fa985ba877ad30f63 (patch) | |
| tree | 7c328916f40de12b0d45398225c40e344bbff6e0 | |
| parent | The handling of the -f option is a hack. Instead of fooling around (diff) | |
| download | wireguard-openbsd-b44bde11068be8b64d65281fa985ba877ad30f63.tar.xz wireguard-openbsd-b44bde11068be8b64d65281fa985ba877ad30f63.zip | |
check crypt() for null. noticed by Jonas Termansen
| -rw-r--r-- | lib/libc/crypt/cryptutil.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/libc/crypt/cryptutil.c b/lib/libc/crypt/cryptutil.c index cadc67af81f..ca8be8fa0f3 100644 --- a/lib/libc/crypt/cryptutil.c +++ b/lib/libc/crypt/cryptutil.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cryptutil.c,v 1.4 2014/11/21 12:32:38 schwarze Exp $ */ +/* $OpenBSD: cryptutil.c,v 1.5 2014/11/24 21:36:35 tedu Exp $ */ /* * Copyright (c) 2014 Ted Unangst <tedu@openbsd.org> * @@ -45,7 +45,7 @@ crypt_checkpass(const char *pass, const char *goodhash) /* have to do it the hard way */ res = crypt(pass, goodhash); - if (strlen(res) != strlen(goodhash) || + if (res == NULL || strlen(res) != strlen(goodhash) || timingsafe_bcmp(res, goodhash, strlen(goodhash)) != 0) { goto fail; } |