check crypt() for null. noticed by Jonas Termansen

author: tedu <tedu@openbsd.org> 2014-11-24 21:36:35 +0000
committer: tedu <tedu@openbsd.org> 2014-11-24 21:36:35 +0000
commit: b44bde11068be8b64d65281fa985ba877ad30f63 (patch)
tree: 7c328916f40de12b0d45398225c40e344bbff6e0 /lib/libc/crypt/cryptutil.c
parent: The handling of the -f option is a hack. Instead of fooling around (diff)
download: wireguard-openbsd-b44bde11068be8b64d65281fa985ba877ad30f63.tar.xz
wireguard-openbsd-b44bde11068be8b64d65281fa985ba877ad30f63.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/libc/crypt/cryptutil.c b/lib/libc/crypt/cryptutil.c
index cadc67af81f..ca8be8fa0f3 100644
--- a/lib/libc/crypt/cryptutil.c
+++ b/lib/libc/crypt/cryptutil.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cryptutil.c,v 1.4 2014/11/21 12:32:38 schwarze Exp $ */
+/* $OpenBSD: cryptutil.c,v 1.5 2014/11/24 21:36:35 tedu Exp $ */
 /*
  * Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
  *
@@ -45,7 +45,7 @@ crypt_checkpass(const char *pass, const char *goodhash)
 
 	/* have to do it the hard way */
 	res = crypt(pass, goodhash);
-	if (strlen(res) != strlen(goodhash) ||
+	if (res == NULL || strlen(res) != strlen(goodhash) ||
 	    timingsafe_bcmp(res, goodhash, strlen(goodhash)) != 0) {
 		goto fail;
 	}
author	tedu <tedu@openbsd.org>	2014-11-24 21:36:35 +0000
committer	tedu <tedu@openbsd.org>	2014-11-24 21:36:35 +0000
commit	b44bde11068be8b64d65281fa985ba877ad30f63 (patch)
tree	7c328916f40de12b0d45398225c40e344bbff6e0 /lib/libc/crypt/cryptutil.c
parent	The handling of the -f option is a hack. Instead of fooling around (diff)
download	wireguard-openbsd-b44bde11068be8b64d65281fa985ba877ad30f63.tar.xz wireguard-openbsd-b44bde11068be8b64d65281fa985ba877ad30f63.zip