[Swan-dev] Fix bug in do_file_authentication
David McCullough
ucdevel at gmail.com
Fri Apr 4 18:07:21 EEST 2014
Paul Wouters wrote the following:
> On Fri, 4 Apr 2014, D. Hugh Redelmeier wrote:
>
> > Fix bug in do_file_authentication.
> > Introduced by DHR on 2014 Jan 12 via 69caecc522448a4c36d679d0f3ca48c0864b2182.
>
> I'm still confused here, the old/new code is:
>
> /* get userid */
> userid = line;
> p = strchr(p, ':'); /* find end */
This should be
p = strchr(line, ':');
Cheers,
Davidm
> if (p == NULL) {
> /* no end: skip line */
> libreswan_log("XAUTH: %s:%d missing password hash field", pwdfile, lineno);
> continue;
> }
>
> *p++ ='\0'; /* terminate string by overwriting : */
>
> At this last line, p was pointing to 0x01. How can strchr ever return
> such an invalid memory pointer? So I also don't trust the test for p !=
> NULL and running *p++ ='\0';
>
> What did I get wrong?
>
> Paul
> _______________________________________________
> Swan-dev mailing list
> Swan-dev at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-dev
--
David McCullough, davidm at spottygum.com, Ph: 0410 560 763
More information about the Swan-dev
mailing list