Patch from Paul Wouters to handle crypt() returning NULL

Resolves: #814803
2012-04-23 14:37:15 +02:00 · 2012-04-23 14:37:15 +02:00 · 1604bf4577
parent 379be8cd72
commit 1604bf4577
2 changed files with 75 additions and 1 deletions
--- a/yp-tools-2.12-crypt.patch
+++ b/yp-tools-2.12-crypt.patch
@ -0,0 +1,68 @@
+diff -up yp-tools-2.12/src/yppasswd.c.crypt yp-tools-2.12/src/yppasswd.c
+--- yp-tools-2.12/src/yppasswd.c.crypt	2012-04-23 13:01:35.599721168 +0200
+++ yp-tools-2.12/src/yppasswd.c	2012-04-23 13:16:18.251261293 +0200
+@@ -448,13 +448,19 @@ verifypassword (struct passwd *pwd, char
+     }
+ 
+   passwdlen = get_passwd_len (pwd->pw_passwd);
+-  if (pwd->pw_passwd[0]
+  if (pwd->pw_passwd[0] 
+       && 0 != strcmp (pwd->pw_passwd, "x") /* don't check shadow passwords */
+-      && !strncmp (pwd->pw_passwd, crypt (pwdstr, pwd->pw_passwd), passwdlen)
+       && uid)
+     {
+-      fputs (_("You cannot reuse the old password.\n"), stderr);
+-      return 0;
+      char *crypted = crypt(pwdstr, pwd->pw_passwd);
+      if(crypted == NULL) {
+        fputs (_("crypt() call failed.\n"), stderr);
+        return 0;
+      }
+      if(!strncmp (pwd->pw_passwd, crypted, passwdlen)) {
+        fputs (_("You cannot reuse the old password.\n"), stderr);
+        return 0;
+      }
+     }
+ 
+   r = 0;
+@@ -772,9 +778,16 @@ main (int argc, char **argv)
+ 	{
+ 	  int passwdlen = get_passwd_len (pwd->pw_passwd);
+ 	  char *sane_passwd = alloca (passwdlen + 1);
+	  char *crypted;
+ 	  strncpy (sane_passwd, pwd->pw_passwd, passwdlen);
+ 	  sane_passwd[passwdlen] = 0;
+-	  if (strcmp (crypt (s, sane_passwd), sane_passwd))
+	  crypted = crypt (s, sane_passwd);
+	  if(crypted == NULL)
+	    {
+	      fprintf (stderr, _("Sorry - crypt() failed.\n"));
+	      return 1;
+	    }
+	  if (strcmp (crypted, sane_passwd))
+ 	    {
+ 	      fprintf (stderr, _("Sorry.\n"));
+ 	      return 1;
+@@ -789,6 +802,7 @@ main (int argc, char **argv)
+       char *error_msg;
+ #endif /* USE_CRACKLIB */
+       char *buf, salt[37], *p = NULL;
+      char *crypted;
+       int tries = 0;
+ 
+       buf = (char *) malloc (129);
+@@ -869,7 +883,13 @@ main (int argc, char **argv)
+ 	  break;
+ 	}
+ 
+-      yppwd.newpw.pw_passwd = strdup (crypt (buf, salt));
+      crypted = crypt (buf, salt);
+      if(crypted == NULL) {
+	fprintf (stderr, _("Sorry - crypt() failed.\n"));
+	return 1;
+      } else {
+	yppwd.newpw.pw_passwd = strdup (crypted);
+      }
+     }
+ 
+   if (f_flag)
--- a/yp-tools.spec
+++ b/yp-tools.spec
@ -1,7 +1,7 @@
 Summary: NIS (or YP) client programs
 Name: yp-tools
 Version: 2.12
-Release: 8%{?dist}
+Release: 9%{?dist}
 License: GPLv2
 Group: System Environment/Base
 Source: ftp://ftp.kernel.org/pub/linux/utils/net/NIS/yp-tools-%{version}.tar.bz2
@ -10,6 +10,7 @@ Patch0: yp-tools-2.11-shadow.patch
 Patch1: yp-tools-2.12-typo.patch
 Patch2: yp-tools-2.12-gethost.patch
 Patch3: yp-tools-2.12-hash.patch
+Patch4: yp-tools-2.12-crypt.patch
 Url: http://www.linux-nis.org/nis/yp-tools/index.html
 Requires: ypbind

@ -39,6 +40,7 @@ you'll need to install the ypserv package on one machine on the network.
 %patch1 -p1 -b .typo
 %patch2 -p1 -b .gethost
 %patch3 -p1 -b .hash
+%patch4 -p1 -b .crypt

 %build
 %configure --disable-domainname
@ -60,6 +62,10 @@ make DESTDIR="$RPM_BUILD_ROOT" INSTALL_PROGRAM=install install
 /var/yp/nicknames

 %changelog
+* Mon Apr 23 2012 Honza Horak <hhorak@redhat.com> - 2.12-9
+- Patch from Paul Wouters to handle crypt() returning NULL
+  Resolves: #814803
+
 * Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.12-8
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild