ITS#10130 Several callers of getpassphrase() ignore NULL returns

2025-02-23 14:09:39 +08:00 · 2023-11-14 16:36:16 +00:00 · 2023-11-14 16:36:16 +00:00 · 8139458b39
commit 8139458b39
parent f5c96f4469
5 changed files with 36 additions and 11 deletions
--- a/clients/tools/common.c
+++ b/clients/tools/common.c
@ -1495,10 +1495,11 @@ tool_bind( LDAP *ld )

 		} else {
 			char *pw = getpassphrase( _("Enter LDAP Password: ") );
-			if ( pw ) {
-				passwd.bv_val = ber_strdup( pw );
-				passwd.bv_len = strlen( passwd.bv_val );
+			if ( pw == NULL ) { /* Allow EOF to exit. */
+				tool_exit( ld, EXIT_FAILURE );
 			}
+			passwd.bv_val = ber_strdup( pw );
+			passwd.bv_len = strlen( passwd.bv_val );
 		}
 	}

--- a/clients/tools/ldappasswd.c
+++ b/clients/tools/ldappasswd.c
@ -220,7 +220,12 @@ main( int argc, char *argv[] )
 	if( want_oldpw && oldpw.bv_val == NULL ) {
 		/* prompt for old password */
 		char *ckoldpw;
-		oldpw.bv_val = strdup(getpassphrase(_("Old password: ")));
+		ckoldpw = getpassphrase(_("Old password: "));
+		if ( ckoldpw == NULL ) { /* Allow EOF to exit. */
+			rc = EXIT_FAILURE;
+			goto done;
+		}
+		oldpw.bv_val = strdup( ckoldpw );
 		ckoldpw = getpassphrase(_("Re-enter old password: "));

 		if( oldpw.bv_val == NULL || ckoldpw == NULL ||
@ -245,7 +250,12 @@ main( int argc, char *argv[] )
 	if( want_newpw && newpw.bv_val == NULL ) {
 		/* prompt for new password */
 		char *cknewpw;
-		newpw.bv_val = strdup(getpassphrase(_("New password: ")));
+		cknewpw = getpassphrase(_("New password: "));
+		if ( cknewpw == NULL ) { /* Allow EOF to exit. */
+			rc = EXIT_FAILURE;
+			goto done;
+		}
+		newpw.bv_val = strdup( cknewpw );
 		cknewpw = getpassphrase(_("Re-enter new password: "));

 		if( newpw.bv_val == NULL || cknewpw == NULL ||
--- a/clients/tools/ldapvc.c
+++ b/clients/tools/ldapvc.c
@ -309,8 +309,14 @@ main( int argc, char *argv[] )
 #endif
           && !cred.bv_val)
 	{
-		cred.bv_val = strdup(getpassphrase(_("User's password: ")));
-	    cred.bv_len = strlen(cred.bv_val);
+		char *userpw = getpassphrase(_("User's password: "));
+		if ( userpw == NULL ) /* Allow EOF to exit. */
+		{
+			free( cred.bv_val );
+			tool_exit( ld, EXIT_FAILURE );
+		}
+		cred.bv_val = strdup(userpw);
+		cred.bv_len = strlen(cred.bv_val);
 	}

 #ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS_INTERACTIVE
--- a/servers/slapd/slappasswd.c
+++ b/servers/slapd/slappasswd.c
@ -250,11 +250,16 @@ slappasswd( int argc, char *argv[] )
 		if( newpw == NULL ) {
 			/* prompt for new password */
 			char *cknewpw;
-			newpw = ch_strdup(getpassphrase("New password: "));
+			newpw = getpassphrase("New password: ");
+			if ( newpw == NULL ) { /* Allow EOF to exit. */
+				rc = EXIT_FAILURE;
+				goto destroy;
+			}
+			newpw = ch_strdup(newpw);
 			cknewpw = getpassphrase("Re-enter new password: ");
-	
-			if( strcmp( newpw, cknewpw )) {
-				fprintf( stderr, "Password values do not match\n" );
+			if( cknewpw == NULL || strcmp( newpw, cknewpw )) {
+				fprintf( stderr,
+				    "Password values do not match\n" );
 				rc = EXIT_FAILURE;
 				goto destroy;
 			}
--- a/tests/progs/slapd-tester.c
+++ b/tests/progs/slapd-tester.c
@ -406,6 +406,9 @@ main( int argc, char **argv )

 	if ( pw_ask ) {
 		passwd = getpassphrase( _("Enter LDAP Password: ") );
+		if ( passwd == NULL ) { /* Allow EOF to exit. */
+			exit( EXIT_FAILURE );
+		}

 	} else if ( pw_file ) {
 		struct berval	pw;