From c82279c5fc70a6d12ab6efd61e6c9f536e5d4a3f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cyril=20Bont=C3=A9?= Date: Fri, 29 Aug 2014 20:20:01 +0200 Subject: [PATCH] BUG/MEDIUM: auth: fix segfault with http-auth and a configuration with an unknown encryption algorithm MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Grégoire Morpain reported a segfault when a secured password is used for http authentication. It was caused by the use of an unsupported encryption algorithm with libcrypto. In this case, crypt() returns a NULL pointer. The fix should be backported to 1.4 and 1.5. --- src/auth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/auth.c b/src/auth.c index 1069c5b76..42c08083e 100644 --- a/src/auth.c +++ b/src/auth.c @@ -252,7 +252,7 @@ check_user(struct userlist *ul, const char *user, const char *pass) fprintf(stderr, ", crypt=%s\n", ep); #endif - if (!strcmp(ep, u->pass)) + if (ep && strcmp(ep, u->pass) == 0) return 1; else return 0;