From 1bc833693b181370be88b763702d975c52ad87d2 Mon Sep 17 00:00:00 2001
From: sw1tchbl4d3 <sw1tchbl4d3@sw1tchbl4d3.com>
Date: Tue, 8 Feb 2022 21:09:36 +0100
Subject: [PATCH] Add checks for crypt() and getspnam() failure

---
 rdo.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/rdo.c b/rdo.c
index 16ff909..a81ae9b 100644
--- a/rdo.c
+++ b/rdo.c
@@ -86,9 +86,9 @@ int main(int argc, char** argv) {
 	if (uid != ruid && ruid != 0)
 		errx(1, "You are not in the username file");
 
-	struct spwd* shadowEntry = getspnam(username);
+	struct spwd* shadowEntry = getspnam(p->pw_name);
 
-	if (!shadowEntry)
+	if (!shadowEntry || !shadowEntry->sp_pwdp)
 		err(1, "Could not get shadow entry");
 
 	tries = 0;
@@ -96,10 +96,13 @@ int main(int argc, char** argv) {
 		if (!readpassphrase("(rdo) Password: ", password, sizeof(password), RPP_REQUIRE_TTY))
 			err(1, "Could not get passphrase");
 
-		int rc = strcmp(shadowEntry->sp_pwdp, crypt(password, shadowEntry->sp_pwdp));
+		char* hashed_pw = crypt(password, shadowEntry->sp_pwdp);
 		memset(password, 0, sizeof(password));
+		
+		if (!hashed_pw)
+			err(1, "Could not hash password");
 
-		if (rc == 0) {
+		if (strcmp(shadowEntry->sp_pwdp, hashed_pw) == 0) {
 			setsession(getppid(), ts_ttl);
 			return runprog(argc, argv);
 		}