Security Pattern: Systematic NULL Pointer Vulnerabilities #6

@smooge

Priority: HIGH
File: Src/checkX.c
Function: Multiple functions (user_exists, check_lock, canseelogin)
Discovered: During systematic security pattern analysis

Description: Multiple functions in checkX.c lack NULL pointer validation, creating a pattern of vulnerability.

Functions Affected:

  • user_exists(): No NULL check before getpwnam(who)
  • check_lock(): No NULL check before open(filename, ...)
  • canseelogin(): No NULL check before strcmp(loginname, ...)

Impact: Systematic crashes when NULL pointers are passed to these security-critical functions.

Proposed Fix: Implement systematic NULL checks across all checkX.c functions:

/* Pattern for all functions */
if (parameter == NULL) {
    return appropriate_error_value;
}

Original Bug ID: BUG-006
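
An added example (not code from the repository or from this issue) of the proposed pattern applied to the three named functions, with each return value chosen so that a NULL argument fails closed. The prototypes, return conventions and the canseelogin policy are assumptions; the issue gives only the function names and the calls they make.

```c
#include <errno.h>
#include <fcntl.h>
#include <pwd.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical prototypes and return conventions (assumptions): the issue
 * names the functions and the libc calls they make, not their signatures. */

/* 1 if the account exists, 0 otherwise. A NULL name is "no such user". */
int user_exists(const char *who)
{
    if (who == NULL)
        return 0;
    return getpwnam(who) != NULL;
}

/* 1 = lock file present, 0 = absent, -1 = could not tell.
 * NULL returns -1 so a caller cannot mistake bad input for "unlocked". */
int check_lock(const char *filename)
{
    int fd;

    if (filename == NULL) {
        errno = EINVAL;
        return -1;
    }
    fd = open(filename, O_RDONLY);
    if (fd >= 0) {
        close(fd);
        return 1;
    }
    return (errno == ENOENT) ? 0 : -1;
}

/* 1 if viewer may see loginname, 0 otherwise. The policy is constructed
 * for illustration: a user may only see their own login. */
int canseelogin(const char *viewer, const char *loginname)
{
    if (viewer == NULL || loginname == NULL)
        return 0;               /* fail closed: unknown identity is denied */
    return strcmp(viewer, loginname) == 0;
}
```

Callers of check_lock() in this sketch must treat -1 as an error rather than folding it into the "not locked" branch.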

Labels: bug, modernization, security
