From: Guy Harris <guy@alum.mit.edu>
Date: Mon, 6 Aug 2018 02:04:38 +0000 (-0700)
Subject: Don't crash if crypt() fails.
X-Git-Tag: libpcap-1.10-bp~426
X-Git-Url: https://git.tcpdump.org/libpcap/commitdiff_plain/7241300e3df8038eeafb453edddccbb10c27fe0a

Don't crash if crypt() fails.

It can fail, so make sure it doesn't before comparing its result with
the password.

This addresses Include Security issue F12: [libpcap] Remote Packet
Capture Daemon Null Pointer Dereference Denial of Service.
---

diff --git a/rpcapd/daemon.c b/rpcapd/daemon.c
index 42cb2181..55e3fa30 100644
--- a/rpcapd/daemon.c
+++ b/rpcapd/daemon.c
@@ -1458,6 +1458,7 @@ daemon_AuthUserPwd(char *username, char *password, char *errbuf)
 #ifdef HAVE_GETSPNAM
 	struct spwd *usersp;
 #endif
+	char *crypt_password;
 
 	// This call is needed to get the uid
 	if ((user = getpwnam(username)) == NULL)
@@ -1488,7 +1489,13 @@ daemon_AuthUserPwd(char *username, char *password, char *errbuf)
 	user_password = user->pw_passwd;
 #endif
 
-	if (strcmp(user_password, (char *) crypt(password, user_password)) != 0)
+	crypt_password = crypt(password, user_password);
+	if (crypt_password == NULL)
+	{
+		snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
+		return -1;
+	}
+	if (strcmp(user_password, crypt_password) != 0)
 	{
 		snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed: user name or password incorrect");
 		return -1;