shadow-utils/shadow-4.1.5.1-crypt-null.patch

diff -up shadow-4.1.5.1/lib/encrypt.c.crypt-null shadow-4.1.5.1/lib/encrypt.c
--- shadow-4.1.5.1/lib/encrypt.c.crypt-null	2010-08-22 15:05:02.000000000 +0200
+++ shadow-4.1.5.1/lib/encrypt.c	2013-07-25 12:27:30.438355782 +0200
@@ -49,11 +49,10 @@
 	if (!cp) {
 		/*
 		 * Single Unix Spec: crypt() may return a null pointer,
-		 * and set errno to indicate an error.  The caller doesn't
-		 * expect us to return NULL, so...
+		 * and set errno to indicate an error. In this case return
+		 * the NULL so the caller can handle appropriately.
 		 */
-		perror ("crypt");
-		exit (EXIT_FAILURE);
+		return cp;
 	}
 
 	/* The GNU crypt does not return NULL if the algorithm is not
diff -up shadow-4.1.5.1/libmisc/valid.c.crypt-null shadow-4.1.5.1/libmisc/valid.c
--- shadow-4.1.5.1/libmisc/valid.c.crypt-null	2010-08-22 21:14:41.000000000 +0200
+++ shadow-4.1.5.1/libmisc/valid.c	2013-07-25 12:27:30.440355847 +0200
@@ -95,6 +95,7 @@ bool valid (const char *password, const
 	 */
 
 	if (   (NULL != ent->pw_name)
+	    && (NULL != encrypted)
 	    && (strcmp (encrypted, ent->pw_passwd) == 0)) {
 		return true;
 	} else {
diff -up shadow-4.1.5.1/lib/pwauth.c.crypt-null shadow-4.1.5.1/lib/pwauth.c
--- shadow-4.1.5.1/lib/pwauth.c.crypt-null	2009-07-13 00:24:48.000000000 +0200
+++ shadow-4.1.5.1/lib/pwauth.c	2013-07-25 12:27:30.438355782 +0200
@@ -73,6 +73,7 @@ int pw_auth (const char *cipher,
 	char prompt[1024];
 	char *clear = NULL;
 	const char *cp;
+	const char *encrypted;
 	int retval;
 
 #ifdef	SKEY
@@ -177,7 +178,11 @@ int pw_auth (const char *cipher,
 	 * the results there as well.
 	 */
 
-	retval = strcmp (pw_encrypt (input, cipher), cipher);
+	encrypted = pw_encrypt (input, cipher);
+	if (encrypted!=NULL)
+		retval = strcmp (encrypted, cipher);
+	else
+		retval = -1;
 
 #ifdef  SKEY
 	/*
diff -up shadow-4.1.5.1/src/chgpasswd.c.crypt-null shadow-4.1.5.1/src/chgpasswd.c
--- shadow-4.1.5.1/src/chgpasswd.c.crypt-null	2011-12-09 22:31:40.000000000 +0100
+++ shadow-4.1.5.1/src/chgpasswd.c	2013-07-25 12:27:30.440355847 +0200
@@ -469,6 +469,10 @@ int main (int argc, char **argv)
 #endif
 			cp = pw_encrypt (newpwd,
 			                 crypt_make_salt (crypt_method, arg));
+			if (cp == NULL) {
+				perror ("crypt");
+				exit (EXIT_FAILURE);
+			}	
 		}
 
 		/*
diff -up shadow-4.1.5.1/src/chpasswd.c.crypt-null shadow-4.1.5.1/src/chpasswd.c
--- shadow-4.1.5.1/src/chpasswd.c.crypt-null	2011-12-09 22:31:40.000000000 +0100
+++ shadow-4.1.5.1/src/chpasswd.c	2013-07-25 12:27:30.440355847 +0200
@@ -492,6 +492,10 @@ int main (int argc, char **argv)
 #endif
 			cp = pw_encrypt (newpwd,
 			                 crypt_make_salt(crypt_method, arg));
+			if (cp == NULL) {
+				perror ("crypt");
+				exit (EXIT_FAILURE);
+			}
 		}
 
 		/*
diff -up shadow-4.1.5.1/src/gpasswd.c.crypt-null shadow-4.1.5.1/src/gpasswd.c
--- shadow-4.1.5.1/src/gpasswd.c.crypt-null	2011-11-19 23:55:04.000000000 +0100
+++ shadow-4.1.5.1/src/gpasswd.c	2013-07-25 12:27:30.441355866 +0200
@@ -939,6 +939,10 @@ static void change_passwd (struct group
 	}
 
 	cp = pw_encrypt (pass, crypt_make_salt (NULL, NULL));
+	if (cp==NULL) {
+		perror ("crypt");
+		exit (EXIT_FAILURE);
+	}
 	memzero (pass, sizeof pass);
 #ifdef SHADOWGRP
 	if (is_shadowgrp) {
diff -up shadow-4.1.5.1/src/newgrp.c.crypt-null shadow-4.1.5.1/src/newgrp.c
--- shadow-4.1.5.1/src/newgrp.c.crypt-null	2011-07-30 03:50:01.000000000 +0200
+++ shadow-4.1.5.1/src/newgrp.c	2013-07-25 12:27:30.442355881 +0200
@@ -184,7 +184,8 @@ static void check_perms (const struct gr
 		cpasswd = pw_encrypt (cp, grp->gr_passwd);
 		strzero (cp);
 
-		if (grp->gr_passwd[0] == '\0' ||
+		if (cpasswd == NULL ||
+		    grp->gr_passwd[0] == '\0' ||
 		    strcmp (cpasswd, grp->gr_passwd) != 0) {
 #ifdef WITH_AUDIT
 			snprintf (audit_buf, sizeof(audit_buf),
diff -up shadow-4.1.5.1/src/newusers.c.crypt-null shadow-4.1.5.1/src/newusers.c
--- shadow-4.1.5.1/src/newusers.c.crypt-null	2011-12-09 22:31:40.000000000 +0100
+++ shadow-4.1.5.1/src/newusers.c	2013-07-25 12:27:30.442355881 +0200
@@ -387,6 +387,7 @@ static int add_user (const char *name, u
 static void update_passwd (struct passwd *pwd, const char *password)
 {
 	void *crypt_arg = NULL;
+	char *cp;
 	if (crypt_method != NULL) {
 #ifdef USE_SHA_CRYPT
 		if (sflg) {
@@ -398,9 +399,13 @@ static void update_passwd (struct passwd
 	if ((crypt_method != NULL) && (0 == strcmp(crypt_method, "NONE"))) {
 		pwd->pw_passwd = (char *)password;
 	} else {
-		pwd->pw_passwd = pw_encrypt (password,
-		                             crypt_make_salt (crypt_method,
-		                                              crypt_arg));
+		cp=pw_encrypt (password, crypt_make_salt (crypt_method, 
+		                                          crypt_arg));
+		if (cp == NULL) {
+			perror ("crypt");
+			exit (EXIT_FAILURE);
+		}
+		pwd->pw_passwd = cp;
 	}
 }
 #endif				/* !USE_PAM */
@@ -412,6 +417,7 @@ static int add_passwd (struct passwd *pw
 {
 	const struct spwd *sp;
 	struct spwd spent;
+	char *cp;
 
 #ifndef USE_PAM
 	void *crypt_arg = NULL;
@@ -448,7 +454,12 @@ static int add_passwd (struct passwd *pw
 		} else {
 			const char *salt = crypt_make_salt (crypt_method,
 			                                    crypt_arg);
-			spent.sp_pwdp = pw_encrypt (password, salt);
+			cp = pw_encrypt (password, salt);
+			if (cp == NULL) {
+				perror ("crypt");
+				exit (EXIT_FAILURE);
+			}
+			spent.sp_pwdp = cp;
 		}
 		spent.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
 		if (0 == spent.sp_lstchg) {
@@ -492,7 +503,12 @@ static int add_passwd (struct passwd *pw
 		spent.sp_pwdp = (char *)password;
 	} else {
 		const char *salt = crypt_make_salt (crypt_method, crypt_arg);
-		spent.sp_pwdp = pw_encrypt (password, salt);
+		cp = pw_encrypt (password, salt);
+		if (cp == NULL) {
+			perror ("crypt");
+			exit (EXIT_FAILURE);
+		}
+		spent.sp_pwdp = cp;
 	}
 #else
 	/*
diff -up shadow-4.1.5.1/src/passwd.c.crypt-null shadow-4.1.5.1/src/passwd.c
--- shadow-4.1.5.1/src/passwd.c.crypt-null	2012-02-13 21:32:01.000000000 +0100
+++ shadow-4.1.5.1/src/passwd.c	2013-07-25 12:27:30.443355896 +0200
@@ -242,7 +242,7 @@ static int new_password (const struct pa
 		}
 
 		cipher = pw_encrypt (clear, crypt_passwd);
-		if (strcmp (cipher, crypt_passwd) != 0) {
+		if ((cipher == NULL) || (strcmp (cipher, crypt_passwd) != 0)) {
 			strzero (clear);
 			strzero (cipher);
 			SYSLOG ((LOG_WARN, "incorrect password for %s",
@@ -349,6 +349,10 @@ static int new_password (const struct pa
 	 * Encrypt the password, then wipe the cleartext password.
 	 */
 	cp = pw_encrypt (pass, crypt_make_salt (NULL, NULL));
+	if (cp == NULL) {
+		perror ("crypt");
+		exit (EXIT_FAILURE);
+	}
 	memzero (pass, sizeof pass);
 
 #ifdef HAVE_LIBCRACK_HIST
slightly more meaningful error messages if crypt() returns NULL (#988184) - explicit suid permissions 2013-07-25 11:26:18 +00:00			`diff -up shadow-4.1.5.1/lib/encrypt.c.crypt-null shadow-4.1.5.1/lib/encrypt.c`
			`--- shadow-4.1.5.1/lib/encrypt.c.crypt-null 2010-08-22 15:05:02.000000000 +0200`
			`+++ shadow-4.1.5.1/lib/encrypt.c 2013-07-25 12:27:30.438355782 +0200`
			`@@ -49,11 +49,10 @@`
			`if (!cp) {`
			`/*`
			`* Single Unix Spec: crypt() may return a null pointer,`
			`- * and set errno to indicate an error. The caller doesn't`
			`- * expect us to return NULL, so...`
			`+ * and set errno to indicate an error. In this case return`
			`+ * the NULL so the caller can handle appropriately.`
			`*/`
			`- perror ("crypt");`
			`- exit (EXIT_FAILURE);`
			`+ return cp;`
			`}`

			`/* The GNU crypt does not return NULL if the algorithm is not`
			`diff -up shadow-4.1.5.1/libmisc/valid.c.crypt-null shadow-4.1.5.1/libmisc/valid.c`
			`--- shadow-4.1.5.1/libmisc/valid.c.crypt-null 2010-08-22 21:14:41.000000000 +0200`
			`+++ shadow-4.1.5.1/libmisc/valid.c 2013-07-25 12:27:30.440355847 +0200`
			`@@ -95,6 +95,7 @@ bool valid (const char *password, const`
			`*/`

			`if ( (NULL != ent->pw_name)`
			`+ && (NULL != encrypted)`
			`&& (strcmp (encrypted, ent->pw_passwd) == 0)) {`
			`return true;`
			`} else {`
			`diff -up shadow-4.1.5.1/lib/pwauth.c.crypt-null shadow-4.1.5.1/lib/pwauth.c`
			`--- shadow-4.1.5.1/lib/pwauth.c.crypt-null 2009-07-13 00:24:48.000000000 +0200`
			`+++ shadow-4.1.5.1/lib/pwauth.c 2013-07-25 12:27:30.438355782 +0200`
			`@@ -73,6 +73,7 @@ int pw_auth (const char *cipher,`
			`char prompt[1024];`
			`char *clear = NULL;`
			`const char *cp;`
			`+ const char *encrypted;`
			`int retval;`

			`#ifdef SKEY`
			`@@ -177,7 +178,11 @@ int pw_auth (const char *cipher,`
			`* the results there as well.`
			`*/`

			`- retval = strcmp (pw_encrypt (input, cipher), cipher);`
			`+ encrypted = pw_encrypt (input, cipher);`
			`+ if (encrypted!=NULL)`
			`+ retval = strcmp (encrypted, cipher);`
			`+ else`
			`+ retval = -1;`

			`#ifdef SKEY`
			`/*`
			`diff -up shadow-4.1.5.1/src/chgpasswd.c.crypt-null shadow-4.1.5.1/src/chgpasswd.c`
			`--- shadow-4.1.5.1/src/chgpasswd.c.crypt-null 2011-12-09 22:31:40.000000000 +0100`
			`+++ shadow-4.1.5.1/src/chgpasswd.c 2013-07-25 12:27:30.440355847 +0200`
			`@@ -469,6 +469,10 @@ int main (int argc, char **argv)`
			`#endif`
			`cp = pw_encrypt (newpwd,`
			`crypt_make_salt (crypt_method, arg));`
			`+ if (cp == NULL) {`
			`+ perror ("crypt");`
			`+ exit (EXIT_FAILURE);`
			`+ }`
			`}`

			`/*`
			`diff -up shadow-4.1.5.1/src/chpasswd.c.crypt-null shadow-4.1.5.1/src/chpasswd.c`
			`--- shadow-4.1.5.1/src/chpasswd.c.crypt-null 2011-12-09 22:31:40.000000000 +0100`
			`+++ shadow-4.1.5.1/src/chpasswd.c 2013-07-25 12:27:30.440355847 +0200`
			`@@ -492,6 +492,10 @@ int main (int argc, char **argv)`
			`#endif`
			`cp = pw_encrypt (newpwd,`
			`crypt_make_salt(crypt_method, arg));`
			`+ if (cp == NULL) {`
			`+ perror ("crypt");`
			`+ exit (EXIT_FAILURE);`
			`+ }`
			`}`

			`/*`
			`diff -up shadow-4.1.5.1/src/gpasswd.c.crypt-null shadow-4.1.5.1/src/gpasswd.c`
			`--- shadow-4.1.5.1/src/gpasswd.c.crypt-null 2011-11-19 23:55:04.000000000 +0100`
			`+++ shadow-4.1.5.1/src/gpasswd.c 2013-07-25 12:27:30.441355866 +0200`
			`@@ -939,6 +939,10 @@ static void change_passwd (struct group`
			`}`

			`cp = pw_encrypt (pass, crypt_make_salt (NULL, NULL));`
			`+ if (cp==NULL) {`
			`+ perror ("crypt");`
			`+ exit (EXIT_FAILURE);`
			`+ }`
			`memzero (pass, sizeof pass);`
			`#ifdef SHADOWGRP`
			`if (is_shadowgrp) {`
			`diff -up shadow-4.1.5.1/src/newgrp.c.crypt-null shadow-4.1.5.1/src/newgrp.c`
			`--- shadow-4.1.5.1/src/newgrp.c.crypt-null 2011-07-30 03:50:01.000000000 +0200`
			`+++ shadow-4.1.5.1/src/newgrp.c 2013-07-25 12:27:30.442355881 +0200`
			`@@ -184,7 +184,8 @@ static void check_perms (const struct gr`
			`cpasswd = pw_encrypt (cp, grp->gr_passwd);`
			`strzero (cp);`

			`- if (grp->gr_passwd[0] == '\0' \|\|`
			`+ if (cpasswd == NULL \|\|`
			`+ grp->gr_passwd[0] == '\0' \|\|`
			`strcmp (cpasswd, grp->gr_passwd) != 0) {`
			`#ifdef WITH_AUDIT`
			`snprintf (audit_buf, sizeof(audit_buf),`
			`diff -up shadow-4.1.5.1/src/newusers.c.crypt-null shadow-4.1.5.1/src/newusers.c`
			`--- shadow-4.1.5.1/src/newusers.c.crypt-null 2011-12-09 22:31:40.000000000 +0100`
			`+++ shadow-4.1.5.1/src/newusers.c 2013-07-25 12:27:30.442355881 +0200`
			`@@ -387,6 +387,7 @@ static int add_user (const char *name, u`
			`static void update_passwd (struct passwd pwd, const char password)`
			`{`
			`void *crypt_arg = NULL;`
			`+ char *cp;`
			`if (crypt_method != NULL) {`
			`#ifdef USE_SHA_CRYPT`
			`if (sflg) {`
			`@@ -398,9 +399,13 @@ static void update_passwd (struct passwd`
			`if ((crypt_method != NULL) && (0 == strcmp(crypt_method, "NONE"))) {`
			`pwd->pw_passwd = (char *)password;`
			`} else {`
			`- pwd->pw_passwd = pw_encrypt (password,`
			`- crypt_make_salt (crypt_method,`
			`- crypt_arg));`
			`+ cp=pw_encrypt (password, crypt_make_salt (crypt_method,`
			`+ crypt_arg));`
			`+ if (cp == NULL) {`
			`+ perror ("crypt");`
			`+ exit (EXIT_FAILURE);`
			`+ }`
			`+ pwd->pw_passwd = cp;`
			`}`
			`}`
			`#endif /* !USE_PAM */`
			`@@ -412,6 +417,7 @@ static int add_passwd (struct passwd *pw`
			`{`
			`const struct spwd *sp;`
			`struct spwd spent;`
			`+ char *cp;`

			`#ifndef USE_PAM`
			`void *crypt_arg = NULL;`
			`@@ -448,7 +454,12 @@ static int add_passwd (struct passwd *pw`
			`} else {`
			`const char *salt = crypt_make_salt (crypt_method,`
			`crypt_arg);`
			`- spent.sp_pwdp = pw_encrypt (password, salt);`
			`+ cp = pw_encrypt (password, salt);`
			`+ if (cp == NULL) {`
			`+ perror ("crypt");`
			`+ exit (EXIT_FAILURE);`
			`+ }`
			`+ spent.sp_pwdp = cp;`
			`}`
			`spent.sp_lstchg = (long) time ((time_t *) 0) / SCALE;`
			`if (0 == spent.sp_lstchg) {`
			`@@ -492,7 +503,12 @@ static int add_passwd (struct passwd *pw`
			`spent.sp_pwdp = (char *)password;`
			`} else {`
			`const char *salt = crypt_make_salt (crypt_method, crypt_arg);`
			`- spent.sp_pwdp = pw_encrypt (password, salt);`
			`+ cp = pw_encrypt (password, salt);`
			`+ if (cp == NULL) {`
			`+ perror ("crypt");`
			`+ exit (EXIT_FAILURE);`
			`+ }`
			`+ spent.sp_pwdp = cp;`
			`}`
			`#else`
			`/*`
			`diff -up shadow-4.1.5.1/src/passwd.c.crypt-null shadow-4.1.5.1/src/passwd.c`
			`--- shadow-4.1.5.1/src/passwd.c.crypt-null 2012-02-13 21:32:01.000000000 +0100`
			`+++ shadow-4.1.5.1/src/passwd.c 2013-07-25 12:27:30.443355896 +0200`
			`@@ -242,7 +242,7 @@ static int new_password (const struct pa`
			`}`

			`cipher = pw_encrypt (clear, crypt_passwd);`
			`- if (strcmp (cipher, crypt_passwd) != 0) {`
			`+ if ((cipher == NULL) \|\| (strcmp (cipher, crypt_passwd) != 0)) {`
			`strzero (clear);`
			`strzero (cipher);`
			`SYSLOG ((LOG_WARN, "incorrect password for %s",`
			`@@ -349,6 +349,10 @@ static int new_password (const struct pa`
			`* Encrypt the password, then wipe the cleartext password.`
			`*/`
			`cp = pw_encrypt (pass, crypt_make_salt (NULL, NULL));`
			`+ if (cp == NULL) {`
			`+ perror ("crypt");`
			`+ exit (EXIT_FAILURE);`
			`+ }`
			`memzero (pass, sizeof pass);`

			`#ifdef HAVE_LIBCRACK_HIST`