fix CVE-2016-6866 - slock - simple X display locker utility
git clone git://git.suckless.org/slock
---
commit d8bec0f6fdc8a246d78cb488a0068954b46fcb29
parent b87bfa234378bcfc1b13273c5089f07902de1725
Author: Markus Teich <[email protected]>
Date: Wed, 31 Aug 2016 00:59:06 +0200
fix CVE-2016-6866
Diffstat:
M slock.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
---
diff --git a/slock.c b/slock.c
@@ -123,7 +123,7 @@ readpw(Display *dpy)
readpw(Display *dpy, const char *pws)
#endif
{
- char buf[32], passwd[256];
+ char buf[32], passwd[256], *encrypted;
int num, screen;
unsigned int len, color;
KeySym ksym;
@@ -159,7 +159,11 @@ readpw(Display *dpy, const char *pws)
#ifdef HAVE_BSD_AUTH
running = !auth_userokay(getlogin(), NULL, "au…
#else
- running = !!strcmp(crypt(passwd, pws), pws);
+ errno = 0;
+ if (!(encrypted = crypt(passwd, pws)))
+ fprintf(stderr, "slock: crypt: %s\n", …
+ else
+ running = !!strcmp(encrypted, pws);
#endif
if (running) {
XBell(dpy, 100);
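Review bot: The NULL branch of `if (!(encrypted = crypt(passwd, pws)))` never assigns `running`, so the display stays locked only because `running` is presumably still nonzero from the enclosing loop, which lies outside this hunk. A short comment would make that fail-closed intent explicit, e.g. `/* crypt() failed: leave running set so the display stays locked */`. Bracing both arms of the `if`/`else` would also keep a later edit from detaching the `else` from the comparison. readpw() begins and ends outside the hunk.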
@@ -312,6 +316,8 @@ main(int argc, char **argv) {
#ifndef HAVE_BSD_AUTH
pws = getpw();
+ if (strlen(pws) < 2)
+ die("slock: failed to get user password hash.\n");
#endif
if (!(dpy = XOpenDisplay(NULL)))
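Review bot: The `strlen(pws) < 2` test rejects only empty or one-character placeholders, so a longer string that crypt() cannot use as a setting still passes it. That failure then appears only inside readpw(), after the screen is locked, where the new code logs the error and no typed password can match. Probing the hash once before locking would report it at startup instead: `if (!crypt("", pws)) die("slock: crypt failed on stored password hash.\n");`. The check also assumes getpw() never returns NULL, which is not visible here; main() continues outside the hunk.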