From: Jeremy Harris Date: Fri, 21 Oct 2016 11:36:55 +0000 (+0100) Subject: Expansions: errorcheck use of crypt() in the open-coded version of crypteq/crypt16 X-Git-Tag: exim-4_88_RC3~8 X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=cfda83c6d64b5af00ef5f7a20bcc0dd58e489ef4;p=exim.git Expansions: errorcheck use of crypt() in the open-coded version of crypteq/crypt16 Previously, bad arguments crashed under OpenBSD --- diff --git a/src/src/crypt16.c b/src/src/crypt16.c index e8a4fe8a7..56353c326 100644 --- a/src/src/crypt16.c +++ b/src/src/crypt16.c @@ -44,31 +44,33 @@ static void dummy(int x) { dummy(x-1); } #include #endif -char *crypt16(char *key, char *salt) +char * +crypt16(char *key, char *salt) { - static char res[25]; - static char s2[3]; - char *p; +static char res[25]; /* Not threadsafe; like crypt() */ +static char s2[3]; +char *p; - /* Clear the string of any previous data */ - memset (res, 0, sizeof (res)); +/* Clear the string of any previous data */ +memset (res, 0, sizeof (res)); - /* crypt the first part */ - p = crypt (key, salt); - strncpy (res, p, 13); +/* crypt the first part */ +if (!(p = crypt (key, salt))) return NULL; +strncpy (res, p, 13); - if (strlen (key) > 8) - { - /* crypt the rest - * the first two characters of the first block (not counting - * the salt) make up the new salt */ - strncpy (s2, &(res[2]), 2); - p = crypt (&(key[8]), s2); - strncpy (&(res[13]), &(p[2]), 11); - memset (s2, 0, sizeof (s2)); - } +if (strlen (key) > 8) + { + /* crypt the rest + * the first two characters of the first block (not counting + * the salt) make up the new salt */ - return (res); + strncpy (s2, res+2, 2); + p = crypt (key+8, s2); + strncpy (res+13, p+2, 11); + memset (s2, 0, sizeof(s2)); + } + +return (res); } #endif