occur if the server did not have the privsep user and an invalid user
tried to login and both privsep and krb5 auth are disabled.
+20061205
+ - (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash would
+ occur if the server did not have the privsep user and an invalid user
+ tried to login and both privsep and krb5 auth are disabled; ok dtucker@
+
20061108
- (dtucker) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2006/11/07 13:02:07
fake.pw_passwd =
"$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK";
fake.pw_gecos = "NOUSER";
- fake.pw_uid = privsep_pw->pw_uid;
- fake.pw_gid = privsep_pw->pw_gid;
+ fake.pw_uid = privsep_pw == NULL ? (uid_t)-1 : privsep_pw->pw_uid;
+ fake.pw_gid = privsep_pw == NULL ? (gid_t)-1 : privsep_pw->pw_gid;
#ifdef HAVE_PW_CLASS_IN_PASSWD
fake.pw_class = "";
#endif