From a71b90837c02b3bd8c53a59f4bd52e8564b72662 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Honza=20Hor=C3=A1k?= <hhorak@redhat.com>
Date: Thu, 26 Apr 2012 12:37:10 +0200
Subject: [PATCH] Added patch to handle crypt() returning NULL

---
 ypserv-2.27-crypt.patch | 52 +++++++++++++++++++++++++++++++++++++++++
 ypserv.spec             |  7 +++++-
 2 files changed, 58 insertions(+), 1 deletion(-)
 create mode 100644 ypserv-2.27-crypt.patch

diff --git a/ypserv-2.27-crypt.patch b/ypserv-2.27-crypt.patch
new file mode 100644
index 0000000..988d6c6
--- /dev/null
+++ b/ypserv-2.27-crypt.patch
@@ -0,0 +1,52 @@
+diff -up ypserv-2.27/rpc.yppasswdd/update.c.crypt ypserv-2.27/rpc.yppasswdd/update.c
+--- ypserv-2.27/rpc.yppasswdd/update.c.crypt	2012-04-23 13:43:11.180743268 +0200
++++ ypserv-2.27/rpc.yppasswdd/update.c	2012-04-23 13:43:15.747726695 +0200
+@@ -216,14 +216,27 @@ putspent_adjunct (const struct spwd *p,
+ 
+ /* Check if the password the user supplied matches the old one */
+ static int
+-password_ok (char *plain, char *crypted, char *root)
++password_ok (char *plain, char *crypted, char *root, char *logbuf)
+ {
++  char *crypted_new;
+   if (crypted[0] == '\0')
+     return 1;
+-  if (strcmp (crypt (plain, crypted), crypted) == 0)
++  crypted_new = crypt (plain, crypted);
++  if (crypted_new == NULL)
++    {
++      log_msg ("crypt() call failed.", logbuf);
++      return 0;
++    }
++  if (strcmp (crypted_new, crypted) == 0)
+     return 1;
+ #if CHECKROOT
+-  if (strcmp (crypt (plain, root), root) == 0)
++  crypted_new = crypt (plain, root);
++  if (crypted_new == NULL)
++    {
++      log_msg ("crypt() call failed.", logbuf);
++      return 0;
++    }
++  if (strcmp (crypted_new, root) == 0)
+     return 1;
+ #endif
+ 
+@@ -557,7 +570,7 @@ update_files (yppasswd *yppw, char *logb
+ 		{
+ 		  if (strcmp (yppw->newpw.pw_name, spw->sp_namp) == 0)
+ 		    {
+-		      if (!password_ok (yppw->oldpass, spw->sp_pwdp, rootpass))
++		      if (!password_ok (yppw->oldpass, spw->sp_pwdp, rootpass, logbuf))
+ 			{
+ 			  log_msg ("%s rejected", logbuf);
+ 			  log_msg ("Invalid password.");
+@@ -579,7 +592,7 @@ update_files (yppasswd *yppw, char *logb
+ 	  /* We don't have a shadow password file or we don't find the
+ 	     user in it. */
+ 	  if (spw == NULL &&
+-	      !password_ok (yppw->oldpass, pw->pw_passwd, rootpass))
++	      !password_ok (yppw->oldpass, pw->pw_passwd, rootpass, logbuf))
+ 	    {
+ 	      log_msg ("%s rejected", logbuf);
+ 	      log_msg ("Invalid password.");
diff --git a/ypserv.spec b/ypserv.spec
index 79354c7..cb1caf1 100644
--- a/ypserv.spec
+++ b/ypserv.spec
@@ -2,7 +2,7 @@ Summary: The NIS (Network Information Service) server
 Url: http://www.linux-nis.org/nis/ypserv/index.html
 Name: ypserv
 Version: 2.27
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv2
 Group: System Environment/Daemons
 Source0: ftp://ftp.kernel.org/pub/linux/utils/net/NIS/ypserv-%{version}.tar.bz2
@@ -33,6 +33,7 @@ Patch13: ypserv-2.26-errmsg.patch
 Patch14: ypserv-2.26-emptydomain.patch
 Patch16: ypserv-2.27-confpost.patch
 Patch17: ypserv-2.27-cloexec.patch
+Patch18: ypserv-2.27-crypt.patch
 
 BuildRequires: compat-gdbm-devel
 BuildRequires: systemd-units
@@ -74,6 +75,7 @@ machines.
 %patch14 -p1 -b .emptydomain
 %patch16 -p1 -b .confpost
 %patch17 -p1 -b .cloexec
+%patch18 -p1 -b .crypt
 
 autoreconf
 
@@ -178,6 +180,9 @@ exit 0
 %{_includedir}/*/*
 
 %changelog
+* Thu Apr 26 2012 Honza Horak <hhorak@redhat.com> - 2.27-3
+- Added patch to handle crypt() returning NULL
+
 * Fri Apr 13 2012 Honza Horak <hhorak@redhat.com> - 2.27-2
 - Use O_CLOEXEC when opening pid file to avoid SELinux issues
   Resolves: #809120