diff -Naur apg-2.3.0b-orig/restrict.c apg-2.3.0b/restrict.c
--- apg-2.3.0b-orig/restrict.c 2003-08-07 11:40:39.000000000 -0400
+++ apg-2.3.0b/restrict.c 2012-04-23 15:01:38.968745907 -0400
@@ -54,6 +54,10 @@
FILE *dct;
char *string;
char *tmp;
+
+ if( pass == NULL)
+ return(-1);
+
if( (string = (char *) calloc(1,MAX_DICT_STRING_SIZE)) == NULL)
return(-1);
@@ -140,13 +144,17 @@
paranoid_bloom_check_pass (char * password, char *filter, USHORT s_len)
{
char * substring;
- int len = strlen(password); /* string length */
+ int len = 0;
int c_substr_start_pos = 0; /* current start position */
int substr_len = 0; /* substring length (LEN-I >= substr_len >= 2) */
int k = 0; /* counter */
int c = 0; /* counter */
int ret = 0;
if (s_len < 2) s_len = 2;
+ if(password == NULL)
+ return (-1);
+
+ len = strlen(password); /* string length */
if (s_len > len) return (bloom_check_pass(password, filter));
#ifdef APG_DEBUG
@@ -203,16 +211,19 @@
cracklib_check_pass(char *pw, char *dictpath)
{
char * msg;
- msg = FascistCheck(pw,dictpath);
- if (msg == NULL) return (0);
- else
+ if( pw != NULL)
{
+ msg = FascistCheck(pw,dictpath);
+ if (msg == NULL) return (0);
+ else
+ {
#ifdef APG_DEBUG
- fprintf(stdout,"cracklib_check_pass: password --> %s rejected (%s)\n", pw, msg);
- fflush(stdout);
+ fprintf(stdout,"cracklib_check_pass: password --> %s rejected (%s)\n", pw, msg);
+ fflush(stdout);
#endif
- return (1);
+ }
}
+ return (1);
}
#endif
@@ -245,6 +256,9 @@
fflush (stdout);
#endif /* APG_DEBUG */
+if(word == NULL)
+ return(0);
+
if ((cond & S_SS) > 0)
for (i=0; i < 94; i++)
if ((smbl[i].type & S_SS) > 0)