From b44bde11068be8b64d65281fa985ba877ad30f63 Mon Sep 17 00:00:00 2001
From: tedu
Date: Mon, 24 Nov 2014 21:36:35 +0000
Subject: check crypt() for null. noticed by Jonas Termansen
---
 lib/libc/crypt/cryptutil.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'lib/libc/crypt/cryptutil.c')
diff --git a/lib/libc/crypt/cryptutil.c b/lib/libc/crypt/cryptutil.c
index cadc67af81f..ca8be8fa0f3 100644
--- a/lib/libc/crypt/cryptutil.c
+++ b/lib/libc/crypt/cryptutil.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cryptutil.c,v 1.4 2014/11/21 12:32:38 schwarze Exp $ */
+/* $OpenBSD: cryptutil.c,v 1.5 2014/11/24 21:36:35 tedu Exp $ */
 /*
 * Copyright (c) 2014 Ted Unangst
 *
@@ -45,7 +45,7 @@ crypt_checkpass(const char *pass, const char *goodhash)
 /* have to do it the hard way */
 res = crypt(pass, goodhash);
- if (strlen(res) != strlen(goodhash) ||
+ if (res == NULL || strlen(res) != strlen(goodhash) ||
 timingsafe_bcmp(res, goodhash, strlen(goodhash)) != 0) {
 goto fail;
 }
-- 
cgit v1.2.3-59-g8ed1b
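Review bot: The new `res == NULL` test in the second hunk (crypt_checkpass) has no comment saying when crypt() returns NULL or why that case is folded into the ordinary mismatch path, so a reader cannot tell that an unusable stored hash is deliberately treated like a wrong password. I would add above the `if`: `/* crypt() returns NULL on error (e.g. goodhash it cannot process); treat that as a mismatch */`. As a smaller style point, `strlen(goodhash)` is evaluated twice in the same condition and could be held in a local `size_t`. The function begins and ends outside this hunk, so what the `fail` label does for this case (errno, any logging that would let an operator spot a corrupt hash entry) is not visible here and is worth confirming.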