mirror of git://anongit.mindrot.org/openssh.git
in pick_salt() avoid dereference of NULL passwords
Apparently some NIS implementations can leave pw->pw_passwd (or the shadow equivalent) NULL. bz#2909; based on patch from Todd Eigenschink
This commit is contained in:
parent
edbb6febcc
commit
d1d301a1dd
|
@ -82,7 +82,8 @@ pick_salt(void)
|
|||
strlcpy(salt, "xx", sizeof(salt));
|
||||
setpwent();
|
||||
while ((pw = getpwent()) != NULL) {
|
||||
passwd = shadow_pw(pw);
|
||||
if ((passwd = shadow_pw(pw)) == NULL)
|
||||
continue;
|
||||
if (passwd[0] == '$' && (p = strrchr(passwd+1, '$')) != NULL) {
|
||||
typelen = p - passwd + 1;
|
||||
strlcpy(salt, passwd, MIN(typelen, sizeof(salt)));
|
||||
|
|
Loading…
Reference in New Issue