X-Git-Url: https://git.armaanb.net/?a=blobdiff_plain;f=shadow.c;h=71c71c697dd644017a7d77bc8541f029c49038f2;hb=4356cb6b4cefb142d182784c264ce936a1ec3626;hp=a775b2beec88571d6e8ed44af651b58a47d084f2;hpb=3df794793ea3db2a6a8abfeb46803b9c5b80502a;p=opendoas.git

diff --git a/shadow.c b/shadow.c
index a775b2b..71c71c6 100644
--- a/shadow.c
+++ b/shadow.c
@@ -64,15 +64,18 @@ shadowauth(const char *myname, int persist)
 			"tty required for %s", myname);
 		errx(1, "a tty is required");
 	}
-	if ((encrypted = crypt(response, hash)) == NULL)
-		err(1, "crypt");
+	if (response == NULL)
+		err(1, "readpassphrase");
+	if ((encrypted = crypt(response, hash)) == NULL) {
+		explicit_bzero(rbuf, sizeof(rbuf));
+		errx(1, "Authorization failed");
+	}
+	explicit_bzero(rbuf, sizeof(rbuf));
 	if (strcmp(encrypted, hash) != 0) {
 		syslog(LOG_AUTHPRIV | LOG_NOTICE, "failed auth for %s", myname);
 		errx(1, "Authorization failed");
 	}
 
-	explicit_bzero(rbuf, sizeof(rbuf));
-
 #ifdef USE_TIMESTAMP
 good:
 	if (fd != -1) {