From: Jo-Philipp Wich Date: Wed, 22 May 2019 12:25:52 +0000 (+0200) Subject: session: handle NULL return values of crypt() X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=569284a119f958154fe076f5bc06b031d59a71cc;p=oweals%2Frpcd.git session: handle NULL return values of crypt() The crypt() function may return NULL with errno ENOSYS when an attempt was made to crypt the plaintext password using a salt requesting an unsupported cipher. Avoid triggering segmentation faults in the subsequent strcmp() operation by checking for a non-NULL hash value. Fixes: FS#2291 Signed-off-by: Jo-Philipp Wich --- diff --git a/session.c b/session.c index 3ed4519..13a2ef3 100644 --- a/session.c +++ b/session.c @@ -822,7 +822,7 @@ rpc_login_test_password(const char *hash, const char *password) crypt_hash = crypt(password, hash); - return !strcmp(crypt_hash, hash); + return (crypt_hash && !strcmp(crypt_hash, hash)); } static struct uci_section *