extern int authcheckpasswordmd5(const char *, const char *);
extern int authcheckpasswordsha1(const char *, const char *);
+static int safe_strcmp(const char *a, const char *nullable_b)
+{
+ if (!nullable_b)
+ return -1;
+ return strcmp(a, nullable_b);
+}
+
static int do_authcheckpassword(const char *password, const char *encrypted_password)
{
if (strncmp(encrypted_password, "$1$", 3) == 0
return (
#if HAVE_CRYPT
- strcmp(encrypted_password,
- crypt(password, encrypted_password))
+ safe_strcmp(encrypted_password,
+ crypt(password, encrypted_password))
#else
- strcmp(encrypted_password, password)
+ safe_strcmp(encrypted_password, password)
#endif
);
}