segfault in svr-authpasswd.c
Matt Johnston
matt at ucc.asn.au
Mon May 13 21:40:40 WST 2013
Hi,
Thanks for that, I've committed the fix.
Cheers,
Matt
On Mon, Apr 29, 2013 at 08:20:32AM -0600, Kevin Johnson wrote:
> For users with locked accounts, dropbear segfaults on password
> authentication. The call to crypt() with glibc 2.17 returns NULL if
> the passwd field is '!'. Strcmp() segfaults on the NULL value. Here's
> a patch against 2013.58 that adds a check.
>
> --- svr-authpasswd.c.old
> +++ svr-authpasswd.c
> @@ -66,6 +66,12 @@
> m_burn(password, passwordlen);
> m_free(password);
>
> + if (testcrypt == NULL) {
> + dropbear_log(LOG_WARNING, "Crypt against user '%s' password
> failed, rejected",
> + ses.authstate.pw_name);
> + send_msg_userauth_failure(0, 1);
> + return;
> + }
> /* check for empty password */
> if (passwdcrypt[0] == '\0') {
> dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected",
>
>
> --
> thx,
> Kevin Johnson
More information about the Dropbear
mailing list