ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-06-15 02:38:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Avoid segfault for locked accounts (invalid salt to crypt())

Browse Source
This commit is contained in:
Matt Johnston 2013-04-29 23:42:37 +08:00
parent 3ea9068e18
commit 57166b400c
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
svr-authpasswd.c
View File

@ -66,6 +66,14 @@ void svr_auth_password() {
m_burn(password, passwordlen); m_burn(password, passwordlen);
m_free(password); m_free(password);
if (testcrypt == NULL) {
/* crypt() with an invalid salt like "!!" */
dropbear_log(LOG_WARNING, "User account '%s' is locked",
ses.authstate.pw_name);
send_msg_userauth_failure(0, 1);
return;
}
/* check for empty password */ /* check for empty password */
if (passwdcrypt[0] == '\0') { if (passwdcrypt[0] == '\0') {
dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected", dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected",