From 569284a119f958154fe076f5bc06b031d59a71cc Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich <jo@mein.io>
Date: Wed, 22 May 2019 14:25:52 +0200
Subject: [PATCH] session: handle NULL return values of crypt()

The crypt() function may return NULL with errno ENOSYS when an attempt
was made to crypt the plaintext password using a salt requesting an
unsupported cipher.

Avoid triggering segmentation faults in the subsequent strcmp() operation
by checking for a non-NULL hash value.

Fixes: FS#2291
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
---
 session.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/session.c b/session.c
index 3ed4519..13a2ef3 100644
--- a/session.c
+++ b/session.c
@@ -822,7 +822,7 @@ rpc_login_test_password(const char *hash, const char *password)
 
 	crypt_hash = crypt(password, hash);
 
-	return !strcmp(crypt_hash, hash);
+	return (crypt_hash && !strcmp(crypt_hash, hash));
 }
 
 static struct uci_section *
-- 
2.30.2