From: Jeremy Harris
Date: Mon, 11 Jan 2016 15:50:22 +0000 (+0000)
Subject: Expansions: Fix crash in crypteq: On OpenBSD a bad second-arg
X-Git-Tag: exim-4_87_RC3~15
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=9dc2b215e83a63efa242f6acd3ab7af8b608e5a1;p=exim.git
Expansions: Fix crash in crypteq: On OpenBSD a bad second-arg results in an error-return from crypt(). Errorcheck that return.
---
diff --git a/src/src/expand.c b/src/src/expand.c
index f144a7561..2966c22c6 100644
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -2791,7 +2791,7 @@ switch(cond_type)
 #define XSTR(s) STR(s)
 DEBUG(D_auth) debug_printf("crypteq: using %s()\n" " subject=%s\n crypted=%s\n",
- (which == 0)? XSTR(DEFAULT_CRYPT) : (which == 1)? "crypt" : "crypt16",
+ which == 0 ? XSTR(DEFAULT_CRYPT) : which == 1 ? "crypt" : "crypt16",
 coded, sub[1]);
 #undef STR
 #undef XSTR
@@ -2800,8 +2800,16 @@ switch(cond_type)
 salt), force failure. Otherwise we get false positives: with an empty string the yield of crypt() is an empty string! */
- tempcond = (Ustrlen(sub[1]) < 2)? FALSE :
- (Ustrcmp(coded, sub[1]) == 0);
+ if (coded)
+ tempcond = Ustrlen(sub[1]) < 2 ? FALSE : Ustrcmp(coded, sub[1]) == 0;
+ else if (errno == EINVAL)
+ tempcond = FALSE;
+ else
+ {
+ expand_string_message = string_sprintf("crypt error: %s\n",
+ US strerror(errno));
+ return NULL;
+ }
 } break;
 #endif /* SUPPORT_CRYPTEQ */
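Review bot: The new `errno == EINVAL` test in the second hunk reads errno only after the `DEBUG(D_auth) debug_printf(...)` call shown in the first hunk, which sits between crypt() and this check and also passes the possibly-NULL `coded` to `%s`. Whether debug_printf preserves errno or tolerates a NULL string argument is not visible here, so with auth debugging enabled the branch taken (plain non-match versus expansion failure) could depend on the debug output path. Capturing the value directly after the crypt call, e.g. `int crypt_errno = coded ? 0 : errno;`, and testing `else if (crypt_errno == EINVAL)` would remove that dependency, and printing `coded ? coded : US"(null)"` in the debug line would cover the NULL case. The crypt call and the start of this case block lie outside the hunk, so the placement needs checking against the full function. A one-line comment such as `/* EINVAL: malformed salt/hash in sub[1]; treat as non-match, not an error */` on the new branch would document why that errno is handled differently from the others.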