X-Git-Url: https://git.hcoop.net/hcoop/debian/courier-authlib.git/blobdiff_plain/6b9221b9fe5c2b44c301ca08a987d99b4add7a06..5459351437f2b7b2a08457e5397f8a8381986ffe:/checkpassword.c

diff --git a/checkpassword.c b/checkpassword.c
index 80acfd4..c6b9606 100644
--- a/checkpassword.c
+++ b/checkpassword.c
@@ -26,6 +26,13 @@ extern char *crypt(const char *, const char *);
 extern int authcheckpasswordmd5(const char *, const char *);
 extern int authcheckpasswordsha1(const char *, const char *);
 
+static int safe_strcmp(const char *a, const char *nullable_b)
+{
+	if (!nullable_b)
+		return -1;
+	return strcmp(a, nullable_b);
+}
+
 static int do_authcheckpassword(const char *password, const char *encrypted_password)
 {
 	if (strncmp(encrypted_password, "$1$", 3) == 0
@@ -48,10 +55,10 @@ static int do_authcheckpassword(const char *password, const char *encrypted_pass
 
 	return (
 #if	HAVE_CRYPT
-		strcmp(encrypted_password,
-			crypt(password, encrypted_password))
+		safe_strcmp(encrypted_password,
+			    crypt(password, encrypted_password))
 #else
-		strcmp(encrypted_password, password)
+		safe_strcmp(encrypted_password, password)
 #endif
 				);
 }