Fix a case of dereference NULL pointer when trying to use an user from
an userlist which does not have a password configured.
The check_user() function tries to do an strcmp of the password, howver
u->pass is NULL and the strcmp would crash when trying.
Must be backported in every stable branches.
fprintf(stderr, ", crypt=%s\n", ((ep) ? ep : ""));
#endif
- if (ep && strcmp(ep, u->pass) == 0)
+ if (ep && u->pass && strcmp(ep, u->pass) == 0)
return 1;
else
return 0;