From 569284a119f958154fe076f5bc06b031d59a71cc Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Wed, 22 May 2019 14:25:52 +0200 Subject: [PATCH] session: handle NULL return values of crypt() The crypt() function may return NULL with errno ENOSYS when an attempt was made to crypt the plaintext password using a salt requesting an unsupported cipher. Avoid triggering segmentation faults in the subsequent strcmp() operation by checking for a non-NULL hash value. Fixes: FS#2291 Signed-off-by: Jo-Philipp Wich --- session.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/session.c b/session.c index 3ed4519..13a2ef3 100644 --- a/session.c +++ b/session.c @@ -822,7 +822,7 @@ rpc_login_test_password(const char *hash, const char *password) crypt_hash = crypt(password, hash); - return !strcmp(crypt_hash, hash); + return (crypt_hash && !strcmp(crypt_hash, hash)); } static struct uci_section *