[hackers] [slock] fix CVE-2016-6866 || Markus Teich

From: <git_AT_suckless.org>
Date: Wed, 31 Aug 2016 01:01:59 +0200 (CEST)

commit d8bec0f6fdc8a246d78cb488a0068954b46fcb29
Author: Markus Teich <markus.teich_AT_stusta.mhn.de>
AuthorDate: Wed Aug 31 00:59:06 2016 +0200
Commit: Markus Teich <markus.teich_AT_stusta.mhn.de>
CommitDate: Wed Aug 31 00:59:06 2016 +0200

    fix CVE-2016-6866

diff --git a/slock.c b/slock.c
index 847b328..8ed59ca 100644
--- a/slock.c
+++ b/slock.c
_AT_@ -123,7 +123,7 @@ readpw(Display *dpy)
 readpw(Display *dpy, const char *pws)
 #endif
 {
- char buf[32], passwd[256];
+ char buf[32], passwd[256], *encrypted;
         int num, screen;
         unsigned int len, color;
         KeySym ksym;
_AT_@ -159,7 +159,11 @@ readpw(Display *dpy, const char *pws)
 #ifdef HAVE_BSD_AUTH
                                 running = !auth_userokay(getlogin(), NULL, "auth-slock", passwd);
 #else
- running = !!strcmp(crypt(passwd, pws), pws);
+ errno = 0;
+ if (!(encrypted = crypt(passwd, pws)))
+ fprintf(stderr, "slock: crypt: %s\n", strerror(errno));
+ else
+ running = !!strcmp(encrypted, pws);
 #endif
                                 if (running) {
                                         XBell(dpy, 100);
_AT_@ -312,6 +316,8 @@ main(int argc, char **argv) {
 
 #ifndef HAVE_BSD_AUTH
         pws = getpw();
+ if (strlen(pws) < 2)
+ die("slock: failed to get user password hash.\n");
 #endif
 
         if (!(dpy = XOpenDisplay(NULL)))
Received on Wed Aug 31 2016 - 01:01:59 CEST

This archive was generated by hypermail 2.3.0 : Wed Aug 31 2016 - 01:12:18 CEST