From: Timo Sirainen <tss@iki.fi>
Date: Thu, 21 May 2009 16:45:50 +0000 (-0400)
Subject: auth: Handle crypt() failing.
X-Git-Tag: 2.0.alpha1~710
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0afc67e19d59d5f8f4eca73903047a970b5f6016;p=thirdparty%2Fdovecot%2Fcore.git

auth: Handle crypt() failing.

--HG--
branch : HEAD
---

diff --git a/src/auth/password-scheme.c b/src/auth/password-scheme.c
index 1c1c2f2bf4..b7c4c76e3a 100644
--- a/src/auth/password-scheme.c
+++ b/src/auth/password-scheme.c
@@ -255,7 +255,7 @@ static bool
 crypt_verify(const char *plaintext, const char *user ATTR_UNUSED,
 	     const unsigned char *raw_password, size_t size)
 {
-	const char *password;
+	const char *password, *crypted;
 
 	if (size == 0) {
 		/* the default mycrypt() handler would return match */
@@ -263,7 +263,14 @@ crypt_verify(const char *plaintext, const char *user ATTR_UNUSED,
 	}
 
 	password = t_strndup(raw_password, size);
-	return strcmp(mycrypt(plaintext, password), password) == 0;
+	crypted = mycrypt(plaintext, password);
+	if (crypted == NULL) {
+		/* really shouldn't happen unless the system is broken */
+		i_error("crypt() failed: %m");
+		return FALSE;
+	}
+
+	return strcmp(crypted, password) == 0;
 }
 
 static void