diff -up shadow-4.1.5.1/src/usermod.c.passwd shadow-4.1.5.1/src/usermod.c --- shadow-4.1.5.1/src/usermod.c.passwd 2015-12-17 14:05:47.959743073 +0100 +++ shadow-4.1.5.1/src/usermod.c 2015-12-18 12:42:28.290405529 +0100 @@ -360,14 +360,17 @@ static char *new_pw_passwd (char *pw_pas strcat (buf, pw_pass); pw_pass = buf; } else if (Uflg && pw_pass[0] == '!') { - char *s; + char *s = pw_pass; - if (pw_pass[1] == '\0') { + while ('!' == *s) + ++s; + + if (*s == '\0') { fprintf (stderr, _("%s: unlocking the user's password would result in a passwordless account.\n" "You should set a password with usermod -p to unlock this user's password.\n"), Prog); - return pw_pass; + return NULL; } #ifdef WITH_AUDIT @@ -376,12 +379,15 @@ static char *new_pw_passwd (char *pw_pas user_newname, (unsigned int) user_newid, 1); #endif SYSLOG ((LOG_INFO, "unlock user '%s' password", user_newname)); - s = pw_pass; - while ('\0' != *s) { - *s = *(s + 1); - s++; - } + memmove (pw_pass, s, strlen (s) + 1); } else if (pflg) { + if (strchr (user_pass, ':') != NULL) { + fprintf (stderr, + _("%s: The password field cannot contain a colon character.\n"), + Prog); + return NULL; + + } #ifdef WITH_AUDIT audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "updating-password", @@ -430,6 +436,8 @@ static void new_pwent (struct passwd *pw if ( (!is_shadow_pwd) || (strcmp (pwent->pw_passwd, SHADOW_PASSWD_STRING) != 0)) { pwent->pw_passwd = new_pw_passwd (pwent->pw_passwd); + if (pwent->pw_passwd == NULL) + fail_exit (E_PW_UPDATE); } if (uflg) { @@ -544,6 +552,8 @@ static void new_spent (struct spwd *spen * + aging has been requested */ spent->sp_pwdp = new_pw_passwd (spent->sp_pwdp); + if (spent->sp_pwdp == NULL) + fail_exit(E_PW_UPDATE); if (pflg) { spent->sp_lstchg = (long) time ((time_t *) 0) / SCALE;
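Review bot: The unlock branch of new_pw_passwd now returns NULL on refusal, which is a new contract for the function, and nothing in the hunk documents it or explains the loop that skips leading '!' characters. I would add `/* Skip every leading '!' so a multiply-locked field is fully unlocked; refuse if the field is empty after that. */` above the `while`. The function's header comment should also say that NULL means the change was refused and a message has already been printed. The function starts and ends outside this hunk, so I cannot confirm that every caller checks for NULL; the two call sites patched later in this diff do.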
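Review bot: The new check in the `else if (pflg)` branch rejects only ':' in user_pass, but a newline ends a passwd/shadow record just as a colon ends a field. A value containing '\n' would therefore also corrupt the entry, unless a later write path rejects it, which is not visible in this diff. Consider `if (strpbrk (user_pass, ":\n") != NULL) {` with the message reworded to cover both characters. The empty `+` line before the closing brace of the new block can be dropped. The branch continues past the end of the hunk.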
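Review bot: In new_pwent the NULL result becomes `fail_exit (E_PW_UPDATE)`, so a rejected `-p` value and a refused unlock both exit with the status whose name suggests a password-file update failure. A script driving usermod then cannot tell bad input from a file problem. If this file defines an argument-error status (E_BAD_ARG, if present here), it would fit the colon case better. The same check in the new_spent hunk is written `fail_exit(E_PW_UPDATE);` without the space before the parenthesis used elsewhere in the patch; `fail_exit (E_PW_UPDATE);` keeps it consistent. Both functions extend beyond their hunks.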