| side by side (parent:
b87bfa2
)
fix CVE-2016-6866
author
Markus Teich <
[email protected]
>
Tue, 30 Aug 2016 22:59:06 +0000
(
00:59
+0200)
committer
Markus Teich <
[email protected]
>
Tue, 30 Aug 2016 22:59:06 +0000
(
00:59
+0200)
slock.c
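--- a/slock.c
+++ b/slock.c
@@ -123,7 +123,7 @@ readpw(Display *dpy)
 readpw(Display *dpy, const char *pws)
 #endif
 {
-char buf[32], passwd[256];
+char buf[32], passwd[256], *encrypted;
 int num, screen;
 unsigned int len, color;
 KeySym ksym;
@@ -159,7 +159,11 @@ readpw(Display *dpy, const char *pws)
 #ifdef HAVE_BSD_AUTH
 running = !auth_userokay(getlogin(), NULL, "auth-slock", passwd);
 #else
-running = !!strcmp(crypt(passwd, pws), pws);
+errno = 0;
+if (!(encrypted = crypt(passwd, pws)))
+fprintf(stderr, "slock: crypt: %s\n", strerror(errno));
+else
+running = !!strcmp(encrypted, pws);
 #endif
 if (running) {
 XBell(dpy, 100);
@@ -312,6 +316,8 @@ main(int argc, char **argv) {
 #ifndef HAVE_BSD_AUTH
 pws = getpw();
+if (strlen(pws) < 2)
+die("slock: failed to get user password hash.\n");
 #endif
 if (!(dpy = XOpenDisplay(NULL)))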
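Review bot: The startup check `if (strlen(pws) < 2)` in main rejects only hashes shorter than two characters, so a longer value that crypt() cannot process would still reach readpw, where every attempt takes the new NULL branch and reports the failure only on stderr. A trial call next to the length check, before the display is opened, would surface an unusable hash before the screen is locked: `errno = 0; if (!crypt("", pws)) die("slock: crypt: %s\n", strerror(errno));` (this assumes die() takes printf-style arguments, which the page does not show). In readpw the NULL branch does not assign `running`, so staying locked depends on the value it holds from the surrounding loop, which starts and ends outside the hunk. A comment there such as `/* crypt() failed: leave running set so the screen stays locked */` would make the fail-closed intent explicit for the next maintainer.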