mkpasswd: avoid strdup(NULL) and the like if rb_crypt() fails

This commit is contained in:
Aaron Jones 2016-12-20 03:54:08 +00:00
parent a91a4515c9
commit 9cdd7270f9
No known key found for this signature in database
GPG key ID: EC6F86EE9CD840B5

View file

@ -98,7 +98,7 @@ main(int argc, char *argv[])
int c; int c;
char *saltpara = NULL; char *saltpara = NULL;
char *salt; char *salt;
char *hashed; char *hashed, *hashed2;
int flag = 0; int flag = 0;
int length = 0; /* Not Set */ int length = 0; /* Not Set */
int rounds = 0; /* Not set, since extended DES needs 25 and blowfish needs int rounds = 0; /* Not set, since extended DES needs 25 and blowfish needs
@ -249,10 +249,24 @@ main(int argc, char *argv[])
} }
else else
{ {
hashed = strdup(rb_crypt(getpass("plaintext: "), salt)); plaintext = getpass("plaintext: ");
plaintext = getpass("again: "); hashed = rb_crypt(plaintext, salt);
if (!hashed)
{
fprintf(stderr, "rb_crypt() failed\n");
return 1;
}
hashed = strdup(hashed);
if (strcmp(rb_crypt(plaintext, salt), hashed) != 0) plaintext = getpass("again: ");
hashed2 = rb_crypt(plaintext, salt);
if (!hashed2)
{
fprintf(stderr, "rb_crypt() failed\n");
return 1;
}
if (strcmp(hashed, hashed2) != 0)
{ {
fprintf(stderr, "Passwords do not match\n"); fprintf(stderr, "Passwords do not match\n");
return 1; return 1;