diff options
| author | Matt Johnston <matt@ucc.asn.au> | 2013-04-29 23:42:37 +0800 |
|---|---|---|
| committer | Matt Johnston <matt@ucc.asn.au> | 2013-04-29 23:42:37 +0800 |
| commit | 57166b400c25c2e45b23639a413edc3620cf2812 (patch) | |
| tree | 16a778760ae82d217cd07300b0342856d9006ed2 /svr-authpasswd.c | |
| parent | 3ea9068e1825f77d0ada7f146bb4ae3d1335ff61 (diff) | |
Avoid segfault for locked accounts (invalid salt to crypt())
Diffstat (limited to 'svr-authpasswd.c')
| -rw-r--r-- | svr-authpasswd.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/svr-authpasswd.c b/svr-authpasswd.c index 38fccc2..17dd2a1 100644 --- a/svr-authpasswd.c +++ b/svr-authpasswd.c @@ -66,6 +66,14 @@ void svr_auth_password() { m_burn(password, passwordlen); m_free(password); + if (testcrypt == NULL) { + /* crypt() with an invalid salt like "!!" */ + dropbear_log(LOG_WARNING, "User account '%s' is locked", + ses.authstate.pw_name); + send_msg_userauth_failure(0, 1); + return; + } + /* check for empty password */ if (passwdcrypt[0] == '\0') { dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected", |