From: Cyril Bonté <cyril.bonte@free.fr>
Date: Fri, 29 Aug 2014 18:20:01 +0000 (+0200)
Subject: BUG/MEDIUM: auth: fix segfault with http-auth and a configuration with an unknown... 
X-Git-Tag: v1.6-dev1~324
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c82279c5fc70a6d12ab6efd61e6c9f536e5d4a3f;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: auth: fix segfault with http-auth and a configuration with an unknown encryption algorithm

Grégoire Morpain reported a segfault when a secured password is used for http
authentication. It was caused by the use of an unsupported encryption algorithm
with libcrypto. In this case, crypt() returns a NULL pointer.

The fix should be backported to 1.4 and 1.5.
---

diff --git a/src/auth.c b/src/auth.c
index 1069c5b76b..42c08083e3 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -252,7 +252,7 @@ check_user(struct userlist *ul, const char *user, const char *pass)
 	fprintf(stderr, ", crypt=%s\n", ep);
 #endif
 
-	if (!strcmp(ep, u->pass))
+	if (ep && strcmp(ep, u->pass) == 0)
 		return 1;
 	else
 		return 0;