Import Debian patch 4.84.2-2+deb8u3
[hcoop/debian/exim4.git] / debian / patches / 91_Expansions-Fix-crash-in-crypteq-On-OpenBSD-a-bad-sec.patch
1 From 9dc2b215e83a63efa242f6acd3ab7af8b608e5a1 Mon Sep 17 00:00:00 2001
2 From: Jeremy Harris <jgh146exb@wizmail.org>
3 Date: Mon, 11 Jan 2016 15:50:22 +0000
4 Subject: [PATCH] Expansions: Fix crash in crypteq: On OpenBSD a bad second-arg
5 results in an error-return from crypt(). Errorcheck that return.
6
7 ---
8 src/expand.c | 14 +++++++++++---
9 1 file changed, 11 insertions(+), 3 deletions(-)
10
11 diff --git a/src/expand.c b/src/expand.c
12 index f144a75..2966c22 100644
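--- a/src/expand.c
+++ b/src/expand.c
@@ -2791,7 +2791,7 @@ switch(cond_type)
 #define XSTR(s) STR(s)
 DEBUG(D_auth) debug_printf("crypteq: using %s()\n"
 " subject=%s\n crypted=%s\n",
- (which == 0)? XSTR(DEFAULT_CRYPT) : (which == 1)? "crypt" : "crypt16",
+ which == 0 ? XSTR(DEFAULT_CRYPT) : which == 1 ? "crypt" : "crypt16",
 coded, sub[1]);
 #undef STR
 #undef XSTR
@@ -2800,8 +2800,16 @@ switch(cond_type)
 salt), force failure. Otherwise we get false positives: with an empty
 string the yield of crypt() is an empty string! */
 
- tempcond = (Ustrlen(sub[1]) < 2)? FALSE :
- (Ustrcmp(coded, sub[1]) == 0);
+ if (coded)
+ tempcond = Ustrlen(sub[1]) < 2 ? FALSE : Ustrcmp(coded, sub[1]) == 0;
+ else if (errno == EINVAL)
+ tempcond = FALSE;
+ else
+ {
+ expand_string_message = string_sprintf("crypt error: %s\n",
+ US strerror(errno));
+ return NULL;
+ }
 }
 break;
 #endif /* SUPPORT_CRYPTEQ */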
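Review bot: The new `else if (errno == EINVAL)` branch in the second hunk has no comment saying why an invalid-argument failure from crypt() is a plain non-match while any other error aborts the expansion; the existing comment above it only covers the short-salt case. A line such as `/* crypt() returned NULL: EINVAL means the second argument is not a usable salt/hash, so the comparison just fails; any other error is reported as an expansion failure */` would record that both paths fail closed. The test also assumes `errno` still holds crypt()'s value after the `DEBUG(D_auth) debug_printf(...)` shown in the first hunk, which is true only if that call preserves errno; copying it into a local immediately after the crypt() call (which lies outside these hunks) would remove that dependency. The trailing `\n` in `"crypt error: %s\n"` looks unintended for text stored in `expand_string_message`.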
43 --
44 2.8.0.rc3
45