upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-05-26 11:20:51 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 15

BUG/MEDIUM: auth: fix unconfigured password NULL deref

Browse source 
Fix a case of dereference NULL pointer when trying to use an user from
an userlist which does not have a password configured.

The check_user() function tries to do an strcmp of the password, howver
u->pass is NULL and the strcmp would crash when trying.

Must be backported in every stable branches.
This commit is contained in:
William Lallemand 2026-05-26 14:08:38 +02:00
parent e4a5a64198
commit dfb6daca1f
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/auth.c
View file

@ -297,7 +297,7 @@ check_user(struct userlist *ul, const char *user, const char *pass)
fprintf(stderr, ", crypt=%s\n", ((ep) ? ep : ""));
#endif
if (ep && strcmp(ep, u->pass) == 0)
if (ep && u->pass && strcmp(ep, u->pass) == 0)
return 1;
else
return 0;