- (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash would

   occur if the server did not have the privsep user and an invalid user
   tried to login and both privsep and krb5 auth are disabled.

diff --git a/ChangeLog b/ChangeLog
index e40a7f10b86ffb289534bf88e4d24c4da1be8d68..d747306d8ff555834f61dff968b79670ce08a612 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+20061205
+ - (djm) [auth.c] Fix NULL pointer dereference in fakepw().  Crash would
+   occur if the server did not have the privsep user and an invalid user
+   tried to login and both privsep and krb5 auth are disabled; ok dtucker@
+
 20061108
  - (dtucker) OpenBSD CVS Sync
    - markus@cvs.openbsd.org 2006/11/07 13:02:07

diff --git a/auth.c b/auth.c
index 5d23343b927873167989c40de5c396dbaa088f4c..505102f8ab57be897bf0f8f77657ffdc5680d437 100644 (file)
--- a/auth.c
+++ b/auth.c
@@ -569,8 +569,8 @@ fakepw(void)
        fake.pw_passwd =
            "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK";
        fake.pw_gecos = "NOUSER";
-       fake.pw_uid = privsep_pw->pw_uid;
-       fake.pw_gid = privsep_pw->pw_gid;
+       fake.pw_uid = privsep_pw == NULL ? (uid_t)-1 : privsep_pw->pw_uid;
+       fake.pw_gid = privsep_pw == NULL ? (gid_t)-1 : privsep_pw->pw_gid;
 #ifdef HAVE_PW_CLASS_IN_PASSWD
        fake.pw_class = "";
 #endif