getpwuid() may fail returning a null value leaving subsequent
code vulnerable to a null pointer dereference.

Signed-off-by: Jafar Al-Gharaibeh <[email protected]>
---
 vtysh/vtysh_user.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/vtysh/vtysh_user.c b/vtysh/vtysh_user.c
index 239a633..0955edc 100644
--- a/vtysh/vtysh_user.c
+++ b/vtysh/vtysh_user.c
@@ -176,7 +176,11 @@ vtysh_auth (void)
   struct vtysh_user *user;
   struct passwd *passwd;
 
-  passwd = getpwuid (geteuid ());
+  if ((passwd = getpwuid (geteuid ())) == NULL)
+  {
+    fprintf (stderr, "could not lookup user ID %d\n", (int) geteuid());
+    exit (1);
+  }
 
   user = user_lookup (passwd->pw_name);
   if (user && user->nopassword)
-- 
2.7.4


_______________________________________________
Quagga-dev mailing list
[email protected]
https://lists.quagga.net/mailman/listinfo/quagga-dev

Reply via email to