From 6d128e1d7889924ec6ef5eb897d0ba94fed313db Mon Sep 17 00:00:00 2001
From: Jafar Al-Gharaibeh <jafar@atcorp.com>
Date: Mon, 1 Aug 2016 18:14:38 -0500
Subject: [PATCH] vtysh: Fix, guard against NULL pointer dereference

getpwuid() may fail returning a null value leaving subsequent
code vulnerable to a null pointer dereference.

Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
Tested-by: NetDEF CI System <cisystem@netdef.org>
---
 vtysh/vtysh_user.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/vtysh/vtysh_user.c b/vtysh/vtysh_user.c
index 988c768dce..1886ba3a67 100644
--- a/vtysh/vtysh_user.c
+++ b/vtysh/vtysh_user.c
@@ -195,7 +195,11 @@ vtysh_auth (void)
   struct vtysh_user *user;
   struct passwd *passwd;
 
-  passwd = getpwuid (geteuid ());
+  if ((passwd = getpwuid (geteuid ())) == NULL)
+  {
+    fprintf (stderr, "could not lookup user ID %d\n", (int) geteuid());
+    exit (1);
+  }
 
   user = user_lookup (passwd->pw_name);
   if (user && user->nopassword)
-- 
2.39.5