| Message ID | 20220222135143.30602-3-cgzones@googlemail.com (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | 1af808982460 |
| Headers | show |
| Series | [1/4] newrole: add Makefile target to test build options | expand |
diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c index c9989863..781f99b6 100644 --- a/policycoreutils/newrole/newrole.c +++ b/policycoreutils/newrole/newrole.c @@ -368,9 +368,14 @@ static int authenticate_via_shadow_passwd(const char *uname) } /* Use crypt() to encrypt user's input password. */ + errno = 0; encrypted_password_s = crypt(unencrypted_password_s, p_shadow_line->sp_pwdp); memset(unencrypted_password_s, 0, strlen(unencrypted_password_s)); + if (errno || !encrypted_password_s) { + fprintf(stderr, _("Cannot encrypt password.\n")); + return 0; + } return (!strcmp(encrypted_password_s, p_shadow_line->sp_pwdp)); } #endif /* if/else USE_PAM */
Depending on the implementation crypt(3) can fail either by returning NULL, or returning a pointer to an invalid hash and setting errno. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> --- policycoreutils/newrole/newrole.c | 5 +++++ 1 file changed, 5 insertions(+)