vtysh: Fix, guard against NULL pointer dereference

getpwuid() may fail returning a null value leaving subsequent
code vulnerable to a null pointer dereference.

Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
Tested-by: NetDEF CI System <cisystem@netdef.org>

diff --git a/vtysh/vtysh_user.c b/vtysh/vtysh_user.c
index 988c768dcefbf3a84345d5b21cf5d0386ca18f41..1886ba3a67b2380f36794a08a67ca30e3207b62d 100644 (file)
--- a/vtysh/vtysh_user.c
+++ b/vtysh/vtysh_user.c
@@ -195,7 +195,11 @@ vtysh_auth (void)
   struct vtysh_user *user;
   struct passwd *passwd;
 
-  passwd = getpwuid (geteuid ());
+  if ((passwd = getpwuid (geteuid ())) == NULL)
+  {
+    fprintf (stderr, "could not lookup user ID %d\n", (int) geteuid());
+    exit (1);
+  }
 
   user = user_lookup (passwd->pw_name);
   if (user && user->nopassword)