system/3706: in local_passwd.c passwd should check for p being a null pointer



>Number:         3706
>Category:       system
>Synopsis:       in local_passwd.c passwd should check for p being a null pointer
>Confidential:   yes
>Severity:       non-critical
>Priority:       low
>Responsible:    bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Mar 09 16:10:02 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     cycloon
>Release:        current
>Organization:
net
>Environment:
	
	System      : OpenBSD 3.4
	Architecture: OpenBSD.i386
	Machine     : i386
>Description:
	The manpage and source of getpass() state that it can return a null pointer,
	so I think that should be checked in local_passwd.c
>How-To-Repeat:
	
>Fix:
	diff to -current:
Index: local_passwd.c
===================================================================
RCS file: /cvs/src/usr.bin/passwd/local_passwd.c,v
retrieving revision 1.30
diff -u -r1.30 local_passwd.c
--- local_passwd.c  20 Jun 2003 16:53:27 -0000  1.30
+++ local_passwd.c  9 Mar 2004 15:33:50 -0000
@@ -155,7 +155,7 @@
        (void)printf("Changing local password for %s.\n", pw->pw_name);
        if (uid != 0 && pw->pw_passwd[0] != '\0') {
            p = getpass("Old password:");
-           if (*p == '\0') {
+           if (!p || *p == '\0') {
                (void)printf(UNCHANGED_MSG);
                pw_abort();
                exit(0);
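Review bot: Folding the NULL test into the empty-string branch at the "Old password:" prompt makes a getpass() failure look the same as the user pressing return: UNCHANGED_MSG is printed and the program ends with exit(0). A NULL return means the prompt itself failed, so it deserves its own branch that still calls pw_abort() but reports the error and exits non-zero, so a caller can tell "user declined" from "could not read the password".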
@@ -171,7 +171,7 @@

    for (buf[0] = '\0', tries = 0;;) {
        p = getpass("New password:");
-       if (*p == '\0') {
+       if (!p || *p == '\0') {
            (void)printf(UNCHANGED_MSG);
            pw_abort();
            exit(0);
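Review bot: In the "New password:" loop the added test is written as `!p` next to an explicit `*p == '\0'` comparison; `p == NULL` would match the comparison beside it and read unambiguously as a pointer check. The same concern as in the first hunk applies here, since a failed prompt ends with UNCHANGED_MSG and exit(0). If the loop body calls getpass() again below the lines shown, that call needs the same guard, otherwise the dereference this patch removes is still reachable one prompt later.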


>Release-Note:
>Audit-Trail:
>Unformatted: