chgpasswd: avoid NULL dereference

A crypt method needs to be specified before the rounds can set: #0 __strcmp_sse42 () at ../sysdeps/x86_64/multiarch/strcmp-sse4_2.S:227 shadow-maint#1 0x0000555555557755 in process_flags (argv=0x7fffffffe4d8, argc=3) at chgpasswd.c:188 shadow-maint#2 main (argc=3, argv=0x7fffffffe4d8) at chgpasswd.c:427 chgpasswd.c:188:42: warning: use of NULL where non-null expected [CWE-476] [-Wanalyzer-null-argument]
cgzones · Jan 30, 2023 · 10b85ad · 10b85ad
1 parent 3b1905f
commit 10b85ad
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/src/chgpasswd.c b/src/chgpasswd.c
@@ -183,7 +183,13 @@ static void process_flags (int argc, char **argv)
 #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
 		case 's':
 			sflg = true;
-                        bad_s = 0;
+			bad_s = 0;
+			if (!crypt_method) {
+				fprintf (stderr,
+					 _("%s: --sha-rounds requires --crypt-method to be specified\n"),
+					 Prog);
+				usage (E_USAGE);
+			}
 #if defined(USE_SHA_CRYPT)
 			if (  (   ((0 == strcmp (crypt_method, "SHA256")) || (0 == strcmp (crypt_method, "SHA512")))
 			       && (0 == getlong(optarg, &sha_rounds)))) {