Commit6afe200

committed

chkpass: check for NULL return value from crypt()

Report from Jozef Mlich using Coverity

1 parent85317e8 commit6afe200Copy full SHA for 6afe200

File tree

-1

lines changed

-1

lines changed

Lines changed: 8 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -70,6 +70,7 @@ chkpass_in(PG_FUNCTION_ARGS)`
`70`	`70`	`char*str=PG_GETARG_CSTRING(0);`
`71`	`71`	`chkpass*result;`
`72`	`72`	`charmysalt[4];`
	`73`	`+char*crypt_output;`
`73`	`74`	`staticcharsalt_chars[]=`
`74`	`75`	`"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";`
`75`	`76`
`@@ -92,7 +93,13 @@ chkpass_in(PG_FUNCTION_ARGS)`
`92`	`93`	`mysalt[1]=salt_chars[random()&0x3f];`
`93`	`94`	`mysalt[2]=0;/* technically the terminator is not necessary`
`94`	`95`	`* but I like to play safe */`
`95`		`-strcpy(result->password,crypt(str,mysalt));`
	`96`	`+`
	`97`	`+if ((crypt_output=crypt(str,mysalt))==NULL)`
	`98`	`+ereport(ERROR,`
	`99`	`+(errcode(ERRCODE_INVALID_PARAMETER_VALUE),`
	`100`	`+errmsg("crypt() failed")));`
	`101`	`+strcpy(result->password,crypt_output);`
	`102`	`+`
`96`	`103`	`PG_RETURN_POINTER(result);`
`97`	`104`	`}`
`98`	`105`

Comments

(0)