For users with locked accounts, dropbear segfaults on password
authentication. The call to crypt() with glibc 2.17 returns NULL if
the passwd field is '!'. strcmp() segfaults on the NULL value. Here's
a patch against 2013.58 that adds a check.

--- svr-authpasswd.c.old
+++ svr-authpasswd.c
@@ -66,6 +66,12 @@
     m_burn(password, passwordlen);
     m_free(password);

+    if (testcrypt == NULL) {
+        dropbear_log(LOG_WARNING, "Crypt against user '%s' password
failed, rejected",
+                ses.authstate.pw_name);
+        send_msg_userauth_failure(0, 1);
+        return;
+    }
     /* check for empty password */
     if (passwdcrypt[0] == '\0') {
         dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected",
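Review bot: the string literal in the new dropbear_log() call is broken across two lines ("Crypt against user '%s' password" on one line, "failed, rejected" on the next), so the hunk as shown will not compile and will not apply cleanly; the @@ -66,6 +66,12 @@ header's six added lines only add up if those two lines are really one, so this looks like mailer wrapping. Either keep the message on a single line or split it into adjacent literals, e.g. `"Crypt against user '%s' password "` followed by `"failed, rejected",` on the next line, and resend as an attachment so it is not re-wrapped. The placement itself is right: the NULL test comes after m_burn()/m_free() of the plaintext password, so the early return does not leak or skip freeing it; a blank line before the existing `/* check for empty password */` comment would match the surrounding spacing.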


--
thx,
Kevin Johnson
