From a7dc251e0747bb41a145b111e66fa54898fcc5fe Mon Sep 17 00:00:00 2001 From: Aurelien DARRAGON Date: Thu, 24 Nov 2022 08:37:13 +0100 Subject: [PATCH] MINOR: auth: silence null dereference warning in check_user() In GH issue #1940 cppcheck warns about a possible null-dereference in check_user() when DEBUG_AUTH is enabled. Indeed, may potentially be NULL because upon error crypt_r() and crypt() may return a null pointer. However it's not directly derefenced, it is only passed to printf() with '%s' fmt. While it is in practice fine with the printf implementations we care about (that check strings against null before printing them), it is undefined behavior according to the spec, hence the warning. Let's check before passing it to printf. This should partly solve GH #1940. --- src/auth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/auth.c b/src/auth.c index 8c263744da..0031300bc5 100644 --- a/src/auth.c +++ b/src/auth.c @@ -270,7 +270,7 @@ check_user(struct userlist *ul, const char *user, const char *pass) ep = pass; #ifdef DEBUG_AUTH - fprintf(stderr, ", crypt=%s\n", ep); + fprintf(stderr, ", crypt=%s\n", ((ep) ? ep : "")); #endif if (ep && strcmp(ep, u->pass) == 0)