 |
fix CVE-2016-6866 - slock - simple X display locker utility |
 |
git clone git://git.suckless.org/slock |
 |
Log |
|
Files |
|
Refs |
|
README |
|
LICENSE |
|
--- |
|
commit d8bec0f6fdc8a246d78cb488a0068954b46fcb29 |
|
parent b87bfa234378bcfc1b13273c5089f07902de1725 |
|
Author: Markus Teich <[email protected]> |
|
Date: Wed, 31 Aug 2016 00:59:06 +0200 |
|
|
|
fix CVE-2016-6866 |
|
|
|
Diffstat: |
|
M slock.c | 10 ++++++++-- |
|
|
|
1 file changed, 8 insertions(+), 2 deletions(-) |
|
--- |
|
diff --git a/slock.c b/slock.c |
|
@@ -123,7 +123,7 @@ readpw(Display *dpy) |
|
readpw(Display *dpy, const char *pws) |
|
#endif |
|
{ |
|
- char buf[32], passwd[256]; |
|
+ char buf[32], passwd[256], *encrypted; |
|
int num, screen; |
|
unsigned int len, color; |
|
KeySym ksym; |
|
@@ -159,7 +159,11 @@ readpw(Display *dpy, const char *pws) |
|
#ifdef HAVE_BSD_AUTH |
|
running = !auth_userokay(getlogin(), NULL, "au… |
|
#else |
|
- running = !!strcmp(crypt(passwd, pws), pws); |
|
+ errno = 0; |
|
+ if (!(encrypted = crypt(passwd, pws))) |
|
+ fprintf(stderr, "slock: crypt: %s\n", … |
|
+ else |
|
+ running = !!strcmp(encrypted, pws); |
|
#endif |
|
if (running) { |
|
XBell(dpy, 100); |
|
@@ -312,6 +316,8 @@ main(int argc, char **argv) { |
|
|
|
#ifndef HAVE_BSD_AUTH |
|
pws = getpw(); |
|
+ if (strlen(pws) < 2) |
|
+ die("slock: failed to get user password hash.\n"); |
|
#endif |
|
|
|
if (!(dpy = XOpenDisplay(NULL))) |
