RepoMirrors
/
haproxy
mirror of http://git.haproxy.org/git/haproxy.git/
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

MINOR: auth: silence null dereference warning in check_user() 

In GH issue #1940 cppcheck warns about a possible null-dereference in
check_user() when DEBUG_AUTH is enabled. Indeed, <ep> may potentially
be NULL because upon error crypt_r() and crypt() may return a null
pointer. However it's not directly derefenced, it is only passed to
printf() with '%s' fmt. While it is in practice fine with the printf
implementations we care about (that check strings against null before
printing them), it is undefined behavior according to the spec, hence
the warning.

Let's check <ep> before passing it to printf. This should partly
solve GH #1940.
This commit is contained in:
Aurelien DARRAGON 2022-11-24 08:37:13 +01:00 committed by Willy Tarreau
parent 95f40c698d
commit a7dc251e07
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/auth.c
View File

@ -270,7 +270,7 @@ check_user(struct userlist *ul, const char *user, const char *pass)
ep = pass;
#ifdef DEBUG_AUTH
fprintf(stderr, ", crypt=%s\n", ep);
fprintf(stderr, ", crypt=%s\n", ((ep) ? ep : ""));
#endif
if (ep && strcmp(ep, u->pass) == 0)