Commit 57166b40 authored by Matt Johnston's avatar Matt Johnston

Avoid segfault for locked accounts (invalid salt to crypt())

parent 3ea9068e
......@@ -66,6 +66,14 @@ void svr_auth_password() {
m_burn(password, passwordlen);
m_free(password);
if (testcrypt == NULL) {
/* crypt() with an invalid salt like "!!" */
dropbear_log(LOG_WARNING, "User account '%s' is locked",
ses.authstate.pw_name);
send_msg_userauth_failure(0, 1);
return;
}
/* check for empty password */
if (passwdcrypt[0] == '\0') {
dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected",
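Review bot: The new `testcrypt == NULL` branch logs every crypt() failure as "User account '%s' is locked", but crypt() can also return NULL for reasons other than a locked entry, such as a hash scheme the C library does not support or has disabled. In those cases the log line would point an operator at the wrong cause. A more neutral message such as `"User account '%s' is locked or has an unusable password hash"` would cover both. The check should stay where it is: the submitted password is burned and freed before the early return, and the failure reply is the same as for a wrong password. svr_auth_password's body starts and ends outside the hunk, so whether `passwdcrypt` itself is checked for NULL before the crypt() call cannot be confirmed from here.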
......