mkpasswd: avoid strdup(NULL) and the like if rb_crypt() fails

This commit is contained in:
Aaron Jones 2016-12-20 17:29:37 +00:00
parent d1f8acb0da
commit 6002ccec6b
No known key found for this signature in database
GPG key ID: EC6F86EE9CD840B5

View file

@ -90,7 +90,7 @@ main(int argc, char *argv[])
int c; int c;
char *saltpara = NULL; char *saltpara = NULL;
char *salt; char *salt;
char *hashed; char *hashed, *hashed2;
int flag = 0; int flag = 0;
int length = 0; /* Not Set */ int length = 0; /* Not Set */
int rounds = 0; /* Not set, since blowfish needs 4 by default, a side effect int rounds = 0; /* Not set, since blowfish needs 4 by default, a side effect
@ -194,10 +194,24 @@ main(int argc, char *argv[])
} }
else else
{ {
hashed = strdup(rb_crypt(getpass("plaintext: "), salt)); plaintext = getpass("plaintext: ");
plaintext = getpass("again: "); hashed = rb_crypt(plaintext, salt);
if (!hashed)
{
fprintf(stderr, "rb_crypt() failed\n");
return 1;
}
hashed = strdup(hashed);
if (strcmp(rb_crypt(plaintext, salt), hashed) != 0) plaintext = getpass("again: ");
hashed2 = rb_crypt(plaintext, salt);
if (!hashed2)
{
fprintf(stderr, "rb_crypt() failed\n");
return 1;
}
if (strcmp(hashed, hashed2) != 0)
{ {
fprintf(stderr, "Passwords do not match\n"); fprintf(stderr, "Passwords do not match\n");
return 1; return 1;