- (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash would
occur if the server did not have the privsep user and an invalid user
tried to login and both privsep and krb5 auth are disabled.
diff --git a/auth.c b/auth.c
index 5d23343..505102f 100644
--- a/auth.c
+++ b/auth.c
@@ -569,8 +569,8 @@
fake.pw_passwd =
"$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK";
fake.pw_gecos = "NOUSER";
- fake.pw_uid = privsep_pw->pw_uid;
- fake.pw_gid = privsep_pw->pw_gid;
+ fake.pw_uid = privsep_pw == NULL ? (uid_t)-1 : privsep_pw->pw_uid;
+ fake.pw_gid = privsep_pw == NULL ? (gid_t)-1 : privsep_pw->pw_gid;
#ifdef HAVE_PW_CLASS_IN_PASSWD
fake.pw_class = "";
#endif