Security-54.1.9.tar.gz
[apple/security.git] / checkpw / checkpw.c
index d0a0ef761597e7feaf406fb14f9f0c7ce774d7ef..fdc4834e7a5d00cb0dcb89fc0bf4841b92fc9488 100644 (file)
@@ -103,6 +103,10 @@ int checkpw( const char* userName, const char* password )
 {
        struct passwd* pw = NULL;
     int status;
+
+       // Check username, NULL can crash in getpwnam
+       if (!userName)
+               return CHECKPW_UNKNOWNUSER;
     
     pw = getpwnam( userName );
        if (pw == NULL)
@@ -138,6 +142,12 @@ int checkpw_internal( const char* userName, const char* password, const struct p
                        break;
                }
 
+               // check password, NULL crashes crypt()
+               if (!password)
+               {
+                       siResult = CHECKPW_BADPASSWORD;
+                       break;
+               }
                // Correct password hash
                if (strcmp(crypt(password, pw->pw_passwd), pw->pw_passwd) == 0) {
                        siResult = CHECKPW_SUCCESS;
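Review bot: The return value of `crypt()` still goes straight into `strcmp()` on the line after the new NULL-password guard, and `crypt()` is specified to return a null pointer on failure, so a NULL dereference may remain possible on this path when the stored hash in `pw->pw_passwd` is rejected. Hold the result and test it before comparing: `const char *hash = crypt(password, pw->pw_passwd);` followed by `if (hash != NULL && strcmp(hash, pw->pw_passwd) == 0) {`. Whether `pw->pw_passwd` itself can be NULL or empty here is decided by code outside the hunk, since the enclosing block starts and ends beyond it.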
@@ -179,6 +189,11 @@ int checkpw_internal( const char* userName, const char* password, const struct p
 
                // User Name
                len = strlen( userName );
+               if (curr + len + sizeof(unsigned long) > kIPCMsgLen)
+               {
+                       siResult = CHECKPW_FAILURE;
+                       break;
+               }
                memcpy( &(msg->fData[ curr ]), &len, sizeof( unsigned long ) );
                curr += sizeof( unsigned long );
                memcpy( &(msg->fData[ curr ]), userName, len );
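Review bot: The new bound `curr + len + sizeof(unsigned long) > kIPCMsgLen` only protects the two `memcpy()` calls if `kIPCMsgLen` is the capacity of `msg->fData` rather than of the whole message structure, and the hunk does not show which it is. The declarations of `curr`, `len` and `fData` are also outside the hunk, so the comparison is sound only if `len` is an unsigned type wide enough to hold the `strlen()` result without narrowing. A comment above the check would pin this down, for example `// kIPCMsgLen == sizeof(msg->fData); curr and len are unsigned long`, or the bound could be written against `sizeof(msg->fData)` directly if `fData` is an array. The same applies to the identical password check in the next hunk, and the two checks could share one small static helper so they cannot drift apart.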
@@ -186,6 +201,11 @@ int checkpw_internal( const char* userName, const char* password, const struct p
 
                // Password
                len = strlen( password );
+               if (curr + len + sizeof(unsigned long) > kIPCMsgLen)
+               {
+                       siResult = CHECKPW_FAILURE;
+                       break;
+               }
                memcpy( &(msg->fData[ curr ]), &len, sizeof( unsigned long ) );
                curr += sizeof ( unsigned long );
                memcpy( &(msg->fData[ curr ]), password, len );