crypt() may fail, so we check for that.
authoraland <aland>
Thu, 6 Jun 2002 15:03:30 +0000 (15:03 +0000)
committeraland <aland>
Thu, 6 Jun 2002 15:03:30 +0000 (15:03 +0000)
Based on a patch from Josh Wilsdon

src/main/auth.c

index 8498f25..4465576 100644 (file)
@@ -211,6 +211,7 @@ int rad_check_password(REQUEST *request)
        VALUE_PAIR *password_pair;
        VALUE_PAIR *auth_item;
        char string[MAX_STRING_LEN];
+       const char *crypted_password;
        int auth_type = -1;
        int result;
        int auth_type_count = 0;
@@ -296,10 +297,17 @@ int rad_check_password(REQUEST *request)
                                return -1;
                        }
                                        
+                       crypted_password = crypt((char *)auth_item->strvalue,
+                                                (char *)password_pair->strvalue);
+                       if (!crypted_password) {
+                               rad_authlog("Login incorrect "
+                                           "(system failed to supply an encrypted password for comparison)", request, 0);
+                               return -1;
+                       }
                        if (strcmp((char *)password_pair->strvalue,
-                                  crypt((char *)auth_item->strvalue,
-                                        (char *)password_pair->strvalue)) != 0)
-                               result = -1;
+                                  crypted_password) != 0) {
+                               return -1;
+                       }
                        break;
                case PW_AUTHTYPE_LOCAL:
                        DEBUG2("auth: type Local");
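Review bot: The password-mismatch branch now does `return -1;` where the old code set `result = -1;` and reached `break`, so whatever rad_check_password does after the switch (outside this hunk) is skipped for a wrong crypt password, and that path returns without any rad_authlog entry while the crypt() failure path logs one. The commit message only mentions the failure check; if the early exit on mismatch was not intended, keep `result = -1;` in the strcmp branch. Separately, crypt() returns a pointer to static storage, so if this function can run concurrently in several threads (not visible here) the buffer could be overwritten before the strcmp; a comment such as `/* crypt() is not reentrant: callers must be serialised */`, or crypt_r() where the platform provides it, would make that assumption explicit. The function body starts and ends outside the hunk.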