pppd: Don't crash if crypt() returns NULL

[ppp.git] / pppd / session.c

diff --git a/pppd/session.c b/pppd/session.c
index 32901a24546f5913b67cdced816f002de9edc6e3..56385dd638742ba9fd7028165104e8565cff0778 100644 (file)
--- a/pppd/session.c
+++ b/pppd/session.c
@@ -178,6 +178,7 @@ session_start(flags, user, passwd, ttyName, msg)
     bool try_session = 0;
 #else /* #ifdef USE_PAM */
     struct passwd *pw;
+    char *cbuf;
 #ifdef HAS_SHADOW
     struct spwd *spwd;
     struct spwd *getspnam();
@@ -348,8 +349,10 @@ session_start(flags, user, passwd, ttyName, msg)
        /*
         * If no passwd, don't let them login if we're authenticating.
         */
-        if (pw->pw_passwd == NULL || strlen(pw->pw_passwd) < 2
-            || strcmp(crypt(passwd, pw->pw_passwd), pw->pw_passwd) != 0)
+        if (pw->pw_passwd == NULL || strlen(pw->pw_passwd) < 2)
+            return SESSION_FAILED;
+       cbuf = crypt(passwd, pw->pw_passwd);
+       if (!cbuf || strcmp(cbuf, pw->pw_passwd) != 0)
             return SESSION_FAILED;
     }