coast/rdo
1
0
Fork 0
forked from soccera/rdo
Code Pull requests Activity

Add checks for crypt() and getspnam() failure

Browse source
This commit is contained in:
sw1tchbl4d3 2022-02-08 21:09:36 +01:00
parent 860f9cbf47
commit 1bc833693b
1 changed files with 7 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
rdo.c
View file

@ -86,9 +86,9 @@ int main(int argc, char** argv) {
if (uid != ruid && ruid != 0) if (uid != ruid && ruid != 0)
errx(1, "You are not in the username file"); errx(1, "You are not in the username file");
struct spwd* shadowEntry = getspnam(username); struct spwd* shadowEntry = getspnam(p->pw_name);
if (!shadowEntry) if (!shadowEntry || !shadowEntry->sp_pwdp)
err(1, "Could not get shadow entry"); err(1, "Could not get shadow entry");
tries = 0; tries = 0;
@ -96,10 +96,13 @@ int main(int argc, char** argv) {
if (!readpassphrase("(rdo) Password: ", password, sizeof(password), RPP_REQUIRE_TTY)) if (!readpassphrase("(rdo) Password: ", password, sizeof(password), RPP_REQUIRE_TTY))
err(1, "Could not get passphrase"); err(1, "Could not get passphrase");
int rc = strcmp(shadowEntry->sp_pwdp, crypt(password, shadowEntry->sp_pwdp)); char* hashed_pw = crypt(password, shadowEntry->sp_pwdp);
memset(password, 0, sizeof(password)); memset(password, 0, sizeof(password));
if (!hashed_pw)
err(1, "Could not hash password");
if (rc == 0) { if (strcmp(shadowEntry->sp_pwdp, hashed_pw) == 0) {
setsession(getppid(), ts_ttl); setsession(getppid(), ts_ttl);
return runprog(argc, argv); return runprog(argc, argv);
} }