From fd1ddd00a3c98fea5740dbeb03efdd9304102023 Mon Sep 17 00:00:00 2001 From: Aki Tuomi Date: Tue, 9 May 2023 11:20:59 +0300 Subject: [PATCH] auth: db-lua - Check for nil in auth_request_lua_password_verify() Avoids crash if script calls the function with nil values. --- src/auth/db-lua.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/auth/db-lua.c b/src/auth/db-lua.c index e086307c2e..c0b22d7372 100644 --- a/src/auth/db-lua.c +++ b/src/auth/db-lua.c @@ -193,6 +193,10 @@ static int auth_request_lua_password_verify(lua_State *L) const unsigned char *raw_password = NULL; size_t raw_password_size; int ret; + if (crypted_password == NULL) + return luaL_error(L, "Crypted password must not be nil"); + if (plain_password == NULL) + return luaL_error(L, "Plain password must not be nil"); struct password_generate_params gen_params = { .user = request->fields.original_username, .rounds = 0 -- 2.47.3