Hi,
When login_skey is called for a user without skey it crashes with
NULL pointer dereference. It tries to pass a file descriptor that
does not exist. This has to be done conditionally.
ok?
bluhm
Index: libexec/login_skey/login_skey.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/libexec/login_skey/login_skey.c,v
retrieving revision 1.25
diff -u -p -r1.25 login_skey.c
--- libexec/login_skey/login_skey.c 16 Oct 2015 13:37:43 -0000 1.25
+++ libexec/login_skey/login_skey.c 19 Jul 2017 13:54:18 -0000
@@ -160,9 +160,11 @@ main(int argc, char *argv[])
fprintf(back, BI_VALUE " challenge %s\n",
auth_mkvalue(challenge));
fprintf(back, BI_CHALLENGE "\n");
- fprintf(back, BI_FDPASS "\n");
- fflush(back);
- send_fd(fileno(back));
+ if (haskey) {
+ fprintf(back, BI_FDPASS "\n");
+ fflush(back);
+ send_fd(fileno(back));
+ }
exit(0);
case MODE_RESPONSE:
