Browse Source

check crypt() for null. noticed by Jonas Termansen

OPENBSD_5_7
tedu 10 years ago
parent
commit
19e1186454
1 changed files with 2 additions and 2 deletions
  1. +2
    -2
      src/lib/libc/crypt/cryptutil.c

+ 2
- 2
src/lib/libc/crypt/cryptutil.c View File

@ -1,4 +1,4 @@
/* $OpenBSD: cryptutil.c,v 1.4 2014/11/21 12:32:38 schwarze Exp $ */
/* $OpenBSD: cryptutil.c,v 1.5 2014/11/24 21:36:35 tedu Exp $ */
/*
* Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
*
@ -45,7 +45,7 @@ crypt_checkpass(const char *pass, const char *goodhash)
/* have to do it the hard way */
res = crypt(pass, goodhash);
if (strlen(res) != strlen(goodhash) ||
if (res == NULL || strlen(res) != strlen(goodhash) ||
timingsafe_bcmp(res, goodhash, strlen(goodhash)) != 0) {
goto fail;
}


Loading…
Cancel
Save