... instead of crashing the helper.
"
Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL (w/
NULL return) if the salt violates specifications. Additionally, on
FIPS-140 enabled Linux systems, DES or MD5 encrypted passwords passed to
crypt() fail with EPERM (w/ NULL return).
"
if (!nispasswd) {
/* User does not exist */
printf("ERR No such user\n");
+ continue;
+ }
+
#if HAVE_CRYPT
- } else if (strcmp(nispasswd, (char *) crypt(passwd, nispasswd)) == 0) {
+ char *crypted = NULL;
+ if ((crypted = crypt(passwd, nispasswd)) && strcmp(nispasswd, crypted) == 0) {
/* All ok !, thanks... */
printf("OK\n");
} else {
/* Password incorrect */
printf("ERR Wrong password\n");
-#else
}
- else {
- /* Password incorrect */
- printf("BH message=\"Missing crypto capability\"\n");
+#else
+ /* Password incorrect */
+ printf("BH message=\"Missing crypto capability\"\n");
#endif
- }
}
exit(0);
}
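Review bot: When crypt() returns NULL, the new test `if ((crypted = crypt(passwd, nispasswd)) && strcmp(nispasswd, crypted) == 0)` falls through to the else branch and prints `ERR Wrong password`, so the EINVAL and EPERM cases named in the description are reported as a bad credential rather than a helper-side failure. On a FIPS-enabled host with DES or MD5 hashes, every login would be rejected this way with nothing to tell the operator why; testing the NULL case first, e.g. `if (!crypted) printf("BH message=\"crypt() failed\"\n");` ahead of the strcmp branch, would keep the two outcomes distinct. The `/* Password incorrect */` comment kept on the `#else` branch is also stale, since that branch reports missing crypto capability; `/* Built without crypt() support */` would match what it prints. The enclosing loop and function start outside this hunk.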