BUG/MEDIUM: auth: fix segfault with http-auth and a configuration with an unknown encryption algorithm

Gr�goire Morpain reported a segfault when a secured password is used for http authentication. It was caused by the use of an unsupported encryption algorithm with libcrypto. In this case, crypt() returns a NULL pointer. The fix should be backported to 1.4 and 1.5.
2025-02-22 21:56:55 +00:00 · 2014-08-29 20:20:01 +02:00 · 2014-08-29 20:20:01 +02:00 · c82279c5fc
commit c82279c5fc
parent aa4e32e10a
1 changed files with 1 additions and 1 deletions
--- a/src/auth.c
+++ b/src/auth.c
@ -252,7 +252,7 @@ check_user(struct userlist *ul, const char *user, const char *pass)
 	fprintf(stderr, ", crypt=%s\n", ep);
 #endif

-	if (!strcmp(ep, u->pass))
+	if (ep && strcmp(ep, u->pass) == 0)
 		return 1;
 	else
 		return 0;