From: Mario Rugiero
When running with root or a password for the user is missing,
authentication is bypassed.
However, it is later attempted to compare the new password
against the missing one, causing crypt to crash due to a null
salt.
In the case of a missing password, there's no prior
From: Mario Rugiero
When deciding where the previous hash should come from, it is
assumed that 'x' started strings all mean to look in shadow.
This is probably harmless in practice, since modern Linux still
uses only hashes instead of raw passwords.
However, this is more robust, and more
From: Mario Rugiero
When cleaning up the stack the stack member for the first
monitor wasn't being updated to reflect this, with the following
(possible) consequences:
- An infinite loop. If things wouldn't crash, not updating the
guard of the loop would lead to this.
- Garbage being read and
From: Mario Rugiero
Continuing on '!selmon->sel' leads to a NULL pointer dereference.
Reading the code, it seems it was intended to fail when either there's
no selected client or it's running in floating mode.
---
dwm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dwm.c