From: William Lallemand Date: Tue, 26 May 2026 12:08:38 +0000 (+0200) Subject: BUG/MEDIUM: auth: fix unconfigured password NULL deref X-Git-Tag: v3.4-dev14~14 X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=dfb6daca1fc398949fcba19e030748ebe8487de2;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: auth: fix unconfigured password NULL deref Fix a case of dereference NULL pointer when trying to use an user from an userlist which does not have a password configured. The check_user() function tries to do an strcmp of the password, howver u->pass is NULL and the strcmp would crash when trying. Must be backported in every stable branches.
---
diff --git a/src/auth.c b/src/auth.c
index f2380753a..d82cead9c 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -297,7 +297,7 @@ check_user(struct userlist *ul, const char *user, const char *pass)
 fprintf(stderr, ", crypt=%s\n", ((ep) ? ep : ""));
 #endif
- if (ep && strcmp(ep, u->pass) == 0)
+ if (ep && u->pass && strcmp(ep, u->pass) == 0)
 return 1;
 else
 return 0;
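Review bot: The new `u->pass` test guards only the final `strcmp()`, which is the last use of the field in check_user(); the function body starts above the hunk, so any earlier read of `u->pass` is not visible here and would still run with NULL. If the call that produces `ep` or the debug `fprintf` preceding the one shown takes `u->pass` as an argument (presumably it does — please confirm), the safer form is a single early reject right after the user lookup, `if (!u->pass) return 0;`, so that a passwordless entry fails closed before anything touches the pointer. A short comment on that line, e.g. `/* user declared without a password: never authenticate */`, would record that the deny is deliberate. It may also be worth rejecting or warning on such a userlist entry at configuration-parse time so the condition is caught before runtime.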