diff -up shadow-4.1.5.1/lib/encrypt.c.crypt-null shadow-4.1.5.1/lib/encrypt.c --- shadow-4.1.5.1/lib/encrypt.c.crypt-null 2010-08-22 15:05:02.000000000 +0200 +++ shadow-4.1.5.1/lib/encrypt.c 2013-07-25 12:27:30.438355782 +0200 @@ -49,11 +49,10 @@ if (!cp) { /* * Single Unix Spec: crypt() may return a null pointer, - * and set errno to indicate an error. The caller doesn't - * expect us to return NULL, so... + * and set errno to indicate an error. In this case return + * the NULL so the caller can handle appropriately. */ - perror ("crypt"); - exit (EXIT_FAILURE); + return cp; } /* The GNU crypt does not return NULL if the algorithm is not diff -up shadow-4.1.5.1/libmisc/valid.c.crypt-null shadow-4.1.5.1/libmisc/valid.c --- shadow-4.1.5.1/libmisc/valid.c.crypt-null 2010-08-22 21:14:41.000000000 +0200 +++ shadow-4.1.5.1/libmisc/valid.c 2013-07-25 12:27:30.440355847 +0200 @@ -95,6 +95,7 @@ bool valid (const char *password, const */ if ( (NULL != ent->pw_name) + && (NULL != encrypted) && (strcmp (encrypted, ent->pw_passwd) == 0)) { return true; } else { diff -up shadow-4.1.5.1/lib/pwauth.c.crypt-null shadow-4.1.5.1/lib/pwauth.c --- shadow-4.1.5.1/lib/pwauth.c.crypt-null 2009-07-13 00:24:48.000000000 +0200 +++ shadow-4.1.5.1/lib/pwauth.c 2013-07-25 12:27:30.438355782 +0200 @@ -73,6 +73,7 @@ int pw_auth (const char *cipher, char prompt[1024]; char *clear = NULL; const char *cp; + const char *encrypted; int retval; #ifdef SKEY @@ -177,7 +178,11 @@ int pw_auth (const char *cipher, * the results there as well. */ - retval = strcmp (pw_encrypt (input, cipher), cipher); + encrypted = pw_encrypt (input, cipher); + if (encrypted!=NULL) + retval = strcmp (encrypted, cipher); + else + retval = -1; #ifdef SKEY /* diff -up shadow-4.1.5.1/src/chgpasswd.c.crypt-null shadow-4.1.5.1/src/chgpasswd.c --- shadow-4.1.5.1/src/chgpasswd.c.crypt-null 2011-12-09 22:31:40.000000000 +0100 +++ shadow-4.1.5.1/src/chgpasswd.c 2013-07-25 12:27:30.440355847 +0200 
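Review bot: In lib/encrypt.c the error branch now hands crypt()'s NULL back to the caller, but only this inline comment records the contract change. The function's header comment and its prototype should state that the result may be NULL, with errno set by crypt(). `return NULL;` would state the intent more directly than `return cp;`. Any caller not touched by this patch that still passes the result straight to strcmp() or stores it will now use a NULL pointer instead of the process exiting, so the remaining call sites are worth auditing. The function starts and ends outside the hunk.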
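Review bot: In lib/pwauth.c (hunk at -177) the new if/else is unbraced and written `encrypted!=NULL`, while the lib/valid.c hunk in this same patch braces single statements and writes `(NULL != encrypted)`. Bracing both branches and matching that spelling would keep the authentication path consistent and harder to break with a later one-line edit. Mapping a crypt() failure to a non-zero `retval` makes the check fail closed, which deserves a comment such as `/* crypt() failed: treat as a mismatch */`. pw_auth continues outside the hunk.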
@@ -469,6 +469,10 @@ int main (int argc, char **argv) #endif cp = pw_encrypt (newpwd, crypt_make_salt (crypt_method, arg)); + if (cp == NULL) { + perror ("crypt"); + exit (EXIT_FAILURE); + } } /* diff -up shadow-4.1.5.1/src/chpasswd.c.crypt-null shadow-4.1.5.1/src/chpasswd.c --- shadow-4.1.5.1/src/chpasswd.c.crypt-null 2011-12-09 22:31:40.000000000 +0100 +++ shadow-4.1.5.1/src/chpasswd.c 2013-07-25 12:27:30.440355847 +0200 @@ -492,6 +492,10 @@ int main (int argc, char **argv) #endif cp = pw_encrypt (newpwd, crypt_make_salt(crypt_method, arg)); + if (cp == NULL) { + perror ("crypt"); + exit (EXIT_FAILURE); + } } /* diff -up shadow-4.1.5.1/src/gpasswd.c.crypt-null shadow-4.1.5.1/src/gpasswd.c --- shadow-4.1.5.1/src/gpasswd.c.crypt-null 2011-11-19 23:55:04.000000000 +0100 +++ shadow-4.1.5.1/src/gpasswd.c 2013-07-25 12:27:30.441355866 +0200 @@ -939,6 +939,10 @@ static void change_passwd (struct group } cp = pw_encrypt (pass, crypt_make_salt (NULL, NULL)); + if (cp==NULL) { + perror ("crypt"); + exit (EXIT_FAILURE); + } memzero (pass, sizeof pass); #ifdef SHADOWGRP if (is_shadowgrp) { diff -up shadow-4.1.5.1/src/newgrp.c.crypt-null shadow-4.1.5.1/src/newgrp.c --- shadow-4.1.5.1/src/newgrp.c.crypt-null 2011-07-30 03:50:01.000000000 +0200 +++ shadow-4.1.5.1/src/newgrp.c 2013-07-25 12:27:30.442355881 +0200 @@ -184,7 +184,8 @@ static void check_perms (const struct gr cpasswd = pw_encrypt (cp, grp->gr_passwd); strzero (cp); - if (grp->gr_passwd[0] == '\0' || + if (cpasswd == NULL || + grp->gr_passwd[0] == '\0' || strcmp (cpasswd, grp->gr_passwd) != 0) { #ifdef WITH_AUDIT snprintf (audit_buf, sizeof(audit_buf), diff -up shadow-4.1.5.1/src/newusers.c.crypt-null shadow-4.1.5.1/src/newusers.c --- shadow-4.1.5.1/src/newusers.c.crypt-null 2011-12-09 22:31:40.000000000 +0100 +++ shadow-4.1.5.1/src/newusers.c 2013-07-25 12:27:30.442355881 +0200 
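Review bot: In src/chgpasswd.c the new failure path calls `exit (EXIT_FAILURE)` directly from main's processing code, and the same four lines are repeated in the src/chpasswd.c, src/gpasswd.c, src/newusers.c and src/passwd.c hunks. If the password or group databases are already locked or open for writing at this point (not visible in the hunk), a direct exit skips whatever unlock and cleanup the file's normal error path performs, so the check should go through that path instead. `perror ("crypt")` also gives the operator no hint of which program or account failed; a message carrying the program name and the entry being processed would be easier to act on. main continues outside the hunk.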
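Review bot: In src/gpasswd.c change_passwd, a failed pw_encrypt() exits before `memzero (pass, sizeof pass);` runs, so the cleartext password buffer is left unwiped on that path. The second src/passwd.c hunk (at -349) has the same ordering. Moving `memzero (pass, sizeof pass);` to directly after the pw_encrypt() call, ahead of the `cp == NULL` test, wipes the buffer on both the success and the failure path. The function body continues outside the hunk.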
@@ -387,6 +387,7 @@ static int add_user (const char *name, u static void update_passwd (struct passwd *pwd, const char *password) { void *crypt_arg = NULL; + char *cp; if (crypt_method != NULL) { #ifdef USE_SHA_CRYPT if (sflg) { @@ -398,9 +399,13 @@ static void update_passwd (struct passwd if ((crypt_method != NULL) && (0 == strcmp(crypt_method, "NONE"))) { pwd->pw_passwd = (char *)password; } else { - pwd->pw_passwd = pw_encrypt (password, - crypt_make_salt (crypt_method, - crypt_arg)); + cp=pw_encrypt (password, crypt_make_salt (crypt_method, + crypt_arg)); + if (cp == NULL) { + perror ("crypt"); + exit (EXIT_FAILURE); + } + pwd->pw_passwd = cp; } } #endif /* !USE_PAM */ @@ -412,6 +417,7 @@ static int add_passwd (struct passwd *pw { const struct spwd *sp; struct spwd spent; + char *cp; #ifndef USE_PAM void *crypt_arg = NULL; @@ -448,7 +454,12 @@ static int add_passwd (struct passwd *pw } else { const char *salt = crypt_make_salt (crypt_method, crypt_arg); - spent.sp_pwdp = pw_encrypt (password, salt); + cp = pw_encrypt (password, salt); + if (cp == NULL) { + perror ("crypt"); + exit (EXIT_FAILURE); + } + spent.sp_pwdp = cp; } spent.sp_lstchg = (long) time ((time_t *) 0) / SCALE; if (0 == spent.sp_lstchg) { @@ -492,7 +503,12 @@ static int add_passwd (struct passwd *pw spent.sp_pwdp = (char *)password; } else { const char *salt = crypt_make_salt (crypt_method, crypt_arg); - spent.sp_pwdp = pw_encrypt (password, salt); + cp = pw_encrypt (password, salt); + if (cp == NULL) { + perror ("crypt"); + exit (EXIT_FAILURE); + } + spent.sp_pwdp = cp; } #else /* diff -up shadow-4.1.5.1/src/passwd.c.crypt-null shadow-4.1.5.1/src/passwd.c --- shadow-4.1.5.1/src/passwd.c.crypt-null 2012-02-13 21:32:01.000000000 +0100 +++ shadow-4.1.5.1/src/passwd.c 2013-07-25 12:27:30.443355896 +0200 
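Review bot: In src/newusers.c add_passwd, `char *cp;` is declared ahead of `#ifndef USE_PAM`, but the uses visible in the later hunks appear to sit in non-PAM code (the last one is immediately followed by `#else`). A PAM build would then likely get an unused-variable warning. Declaring it next to `void *crypt_arg = NULL;` inside the `#ifndef USE_PAM` block avoids that. The three new check-and-exit blocks in this file are identical, so a small static wrapper around pw_encrypt() would keep them from drifting apart. add_passwd starts and ends outside the hunks.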
@@ -242,7 +242,7 @@ static int new_password (const struct pa } cipher = pw_encrypt (clear, crypt_passwd); - if (strcmp (cipher, crypt_passwd) != 0) { + if ((cipher == NULL) || (strcmp (cipher, crypt_passwd) != 0)) { strzero (clear); strzero (cipher); SYSLOG ((LOG_WARN, "incorrect password for %s", @@ -349,6 +349,10 @@ static int new_password (const struct pa * Encrypt the password, then wipe the cleartext password. */ cp = pw_encrypt (pass, crypt_make_salt (NULL, NULL)); + if (cp == NULL) { + perror ("crypt"); + exit (EXIT_FAILURE); + } memzero (pass, sizeof pass); #ifdef HAVE_LIBCRACK_HIST
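Review bot: In src/passwd.c new_password (hunk at -242), when `cipher == NULL` makes the condition true, the unchanged `strzero (cipher);` two lines further down still receives the NULL pointer. Unless strzero tolerates NULL (its definition is not shown here), the crypt() failure this patch is meant to handle becomes a NULL dereference on the wrong-password path. Guard the call with `if (NULL != cipher) { strzero (cipher); }`. The function continues outside the hunk.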