Commit 6afe200c authored by Bruce Momjian's avatar Bruce Momjian

chkpass: check for NULL return value from crypt()

Report from Jozef Mlich using Coverity
parent 85317e88
...@@ -70,6 +70,7 @@ chkpass_in(PG_FUNCTION_ARGS) ...@@ -70,6 +70,7 @@ chkpass_in(PG_FUNCTION_ARGS)
char *str = PG_GETARG_CSTRING(0); char *str = PG_GETARG_CSTRING(0);
chkpass *result; chkpass *result;
char mysalt[4]; char mysalt[4];
char *crypt_output;
static char salt_chars[] = static char salt_chars[] =
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
...@@ -92,7 +93,13 @@ chkpass_in(PG_FUNCTION_ARGS) ...@@ -92,7 +93,13 @@ chkpass_in(PG_FUNCTION_ARGS)
mysalt[1] = salt_chars[random() & 0x3f]; mysalt[1] = salt_chars[random() & 0x3f];
mysalt[2] = 0; /* technically the terminator is not necessary mysalt[2] = 0; /* technically the terminator is not necessary
* but I like to play safe */ * but I like to play safe */
strcpy(result->password, crypt(str, mysalt));
if ((crypt_output = crypt(str, mysalt)) == NULL)
ereport(ERROR,
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
errmsg("crypt() failed")));
strcpy(result->password, crypt_output);
PG_RETURN_POINTER(result); PG_RETURN_POINTER(result);
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment