getpwuid() may fail returning a null value leaving subsequent code vulnerable to a null pointer dereference.
Signed-off-by: Jafar Al-Gharaibeh <[email protected]> --- vtysh/vtysh_user.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/vtysh/vtysh_user.c b/vtysh/vtysh_user.c index 239a633..0955edc 100644 --- a/vtysh/vtysh_user.c +++ b/vtysh/vtysh_user.c @@ -176,7 +176,11 @@ vtysh_auth (void) struct vtysh_user *user; struct passwd *passwd; - passwd = getpwuid (geteuid ()); + if ((passwd = getpwuid (geteuid ())) == NULL) + { + fprintf (stderr, "could not lookup user ID %d\n", (int) geteuid()); + exit (1); + } user = user_lookup (passwd->pw_name); if (user && user->nopassword) -- 2.7.4 _______________________________________________ Quagga-dev mailing list [email protected] https://lists.quagga.net/mailman/listinfo/quagga-dev
