Don't crash if crypt() fails.

It can fail, so make sure it doesn't before comparing its result with
the password.

This addresses Include Security issue F12: [libpcap] Remote Packet
Capture Daemon Null Pointer Dereference Denial of Service.

diff --git a/rpcapd/daemon.c b/rpcapd/daemon.c
index 42cb21817df74fbf387d723c912780f0dcd8b5ea..55e3fa309242469440b5cb2e04c323fad9f731d7 100644 (file)
--- a/rpcapd/daemon.c
+++ b/rpcapd/daemon.c
@@ -1458,6 +1458,7 @@ daemon_AuthUserPwd(char *username, char *password, char *errbuf)
 #ifdef HAVE_GETSPNAM
        struct spwd *usersp;
 #endif
+       char *crypt_password;
 
        // This call is needed to get the uid
        if ((user = getpwnam(username)) == NULL)
@@ -1488,7 +1489,13 @@ daemon_AuthUserPwd(char *username, char *password, char *errbuf)
        user_password = user->pw_passwd;
 #endif
 
-       if (strcmp(user_password, (char *) crypt(password, user_password)) != 0)
+       crypt_password = crypt(password, user_password);
+       if (crypt_password == NULL)
+       {
+               snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
+               return -1;
+       }
+       if (strcmp(user_password, crypt_password) != 0)
        {
                snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed: user name or password incorrect");
                return -1;