xfnw
/
solanum
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

mkpasswd: avoid strdup(NULL) and the like if rb_crypt() fails

This commit is contained in:
Aaron Jones 2016-12-20 17:29:37 +00:00
parent d1f8acb0da
commit 6002ccec6b
No known key found for this signature in database
GPG Key ID: EC6F86EE9CD840B5
1 changed files with 18 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
tools/mkpasswd.c
View File

@ -90,7 +90,7 @@ main(int argc, char *argv[])
int c;
char *saltpara = NULL;
char *salt;
char *hashed;
char *hashed, *hashed2;
int flag = 0;
int length = 0; /* Not Set */
int rounds = 0; /* Not set, since blowfish needs 4 by default, a side effect
@ -194,10 +194,24 @@ main(int argc, char *argv[])
}
else
{
hashed = strdup(rb_crypt(getpass("plaintext: "), salt));
plaintext = getpass("again: ");
plaintext = getpass("plaintext: ");
hashed = rb_crypt(plaintext, salt);
if (!hashed)
{
fprintf(stderr, "rb_crypt() failed\n");
return 1;
}
hashed = strdup(hashed);
if (strcmp(rb_crypt(plaintext, salt), hashed) != 0)
plaintext = getpass("again: ");
hashed2 = rb_crypt(plaintext, salt);
if (!hashed2)
{
fprintf(stderr, "rb_crypt() failed\n");
return 1;
}
if (strcmp(hashed, hashed2) != 0)
{
fprintf(stderr, "Passwords do not match\n");
return 1;