From: Stacey Marshall Date: Tue, 14 Nov 2023 16:36:16 +0000 (+0000) Subject: ITS#10130 Several callers of getpassphrase() ignore NULL returns X-Git-Tag: OPENLDAP_REL_ENG_2_5_17~17 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=43798262ce7810c0421b5aab729040e48d915c5b;p=thirdparty%2Fopenldap.git ITS#10130 Several callers of getpassphrase() ignore NULL returns --- diff --git a/clients/tools/common.c b/clients/tools/common.c index b88f219b36..9dfbb53e32 100644 --- a/clients/tools/common.c +++ b/clients/tools/common.c @@ -1472,10 +1472,11 @@ tool_bind( LDAP *ld ) } else { char *pw = getpassphrase( _("Enter LDAP Password: ") ); - if ( pw ) { - passwd.bv_val = ber_strdup( pw ); - passwd.bv_len = strlen( passwd.bv_val ); + if ( pw == NULL ) { /* Allow EOF to exit. */ + tool_exit( ld, EXIT_FAILURE ); } + passwd.bv_val = ber_strdup( pw ); + passwd.bv_len = strlen( passwd.bv_val ); } } diff --git a/clients/tools/ldappasswd.c b/clients/tools/ldappasswd.c index 2cf14d104e..036e5e1cb8 100644 --- a/clients/tools/ldappasswd.c +++ b/clients/tools/ldappasswd.c @@ -206,7 +206,12 @@ main( int argc, char *argv[] ) if( want_oldpw && oldpw.bv_val == NULL ) { /* prompt for old password */ char *ckoldpw; - oldpw.bv_val = strdup(getpassphrase(_("Old password: "))); + ckoldpw = getpassphrase(_("Old password: ")); + if ( ckoldpw == NULL ) { /* Allow EOF to exit. */ + rc = EXIT_FAILURE; + goto done; + } + oldpw.bv_val = strdup( ckoldpw ); ckoldpw = getpassphrase(_("Re-enter old password: ")); if( oldpw.bv_val == NULL || ckoldpw == NULL || @@ -231,7 +236,12 @@ main( int argc, char *argv[] ) if( want_newpw && newpw.bv_val == NULL ) { /* prompt for new password */ char *cknewpw; - newpw.bv_val = strdup(getpassphrase(_("New password: "))); + cknewpw = getpassphrase(_("New password: ")); + if ( cknewpw == NULL ) { /* Allow EOF to exit. */ + rc = EXIT_FAILURE; + goto done; + } + newpw.bv_val = strdup( cknewpw ); cknewpw = getpassphrase(_("Re-enter new password: ")); if( newpw.bv_val == NULL || cknewpw == NULL || diff --git a/clients/tools/ldapvc.c b/clients/tools/ldapvc.c index 4f35025ec1..264f29316f 100644 --- a/clients/tools/ldapvc.c +++ b/clients/tools/ldapvc.c @@ -309,8 +309,13 @@ main( int argc, char *argv[] ) #endif && !cred.bv_val) { - cred.bv_val = strdup(getpassphrase(_("User's password: "))); - cred.bv_len = strlen(cred.bv_val); + char *userpw = getpassphrase(_("User's password: ")); + if ( userpw == NULL ) /* Allow EOF to exit. */ + { + tool_exit( ld, EXIT_FAILURE ); + } + cred.bv_val = strdup(userpw); + cred.bv_len = strlen(cred.bv_val); } #ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS_INTERACTIVE diff --git a/servers/slapd/slappasswd.c b/servers/slapd/slappasswd.c index 9c2adef220..e38436461e 100644 --- a/servers/slapd/slappasswd.c +++ b/servers/slapd/slappasswd.c @@ -250,11 +250,16 @@ slappasswd( int argc, char *argv[] ) if( newpw == NULL ) { /* prompt for new password */ char *cknewpw; - newpw = ch_strdup(getpassphrase("New password: ")); + newpw = getpassphrase("New password: "); + if ( newpw == NULL ) { /* Allow EOF to exit. */ + rc = EXIT_FAILURE; + goto destroy; + } + newpw = ch_strdup(newpw); cknewpw = getpassphrase("Re-enter new password: "); - - if( strcmp( newpw, cknewpw )) { - fprintf( stderr, "Password values do not match\n" ); + if( cknewpw == NULL || strcmp( newpw, cknewpw )) { + fprintf( stderr, + "Password values do not match\n" ); rc = EXIT_FAILURE; goto destroy; } diff --git a/tests/progs/slapd-tester.c b/tests/progs/slapd-tester.c index 7ad88b82f7..8f9656e677 100644 --- a/tests/progs/slapd-tester.c +++ b/tests/progs/slapd-tester.c @@ -406,6 +406,9 @@ main( int argc, char **argv ) if ( pw_ask ) { passwd = getpassphrase( _("Enter LDAP Password: ") ); + if ( passwd == NULL ) { /* Allow EOF to exit. */ + exit( EXIT_FAILURE ); + } } else if ( pw_file ) { struct berval pw;