# HG changeset patch
# User Todd C. Miller
# Date 1424378476 25200
# Node ID e6c5155c44e59c0060b8aceed5ca1a5b74b5f450
# Parent 764a5b003c475f06b8cead092632a41672cbebcd
Check for crypt() returning NULL. Traditionally, crypt() never returned NULL but newer versions of eglibc have a crypt() that does. Bug #598
diff -r 764a5b003c47 -r e6c5155c44e5 auth/passwd.c
--- a/auth/passwd.c Tue Feb 10 10:10:16 2015 -0700
+++ b/auth/passwd.c Thu Feb 19 13:41:16 2015 -0700
@@ -73,14 +73,14 @@
 char sav, *epass;
 char *pw_epasswd = auth->data;
 size_t pw_len;
- int error;
+ int matched = 0;
 pw_len = strlen(pw_epasswd);
 #ifdef HAVE_GETAUTHUID
 /* Ultrix shadow passwords may use crypt16() */
- error = strcmp(pw_epasswd, (char *) crypt16(pass, pw_epasswd));
- if (!error)
+ epass = (char *) crypt16(pass, pw_epasswd);
+ if (epass != NULL && strcmp(pw_epasswd, epass) == 0)
 return AUTH_SUCCESS;
 #endif /* HAVE_GETAUTHUID */
@@ -99,12 +99,14 @@
 */
 epass = (char *) crypt(pass, pw_epasswd);
 pass[8] = sav;
- if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)
- error = strncmp(pw_epasswd, epass, DESLEN);
- else
- error = strcmp(pw_epasswd, epass);
+ if (epass != NULL) {
+ if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)
+ matched = !strncmp(pw_epasswd, epass, DESLEN);
+ else
+ matched = !strcmp(pw_epasswd, epass);
+ }
- return error ? AUTH_FAILURE : AUTH_SUCCESS;
+ return matched ? AUTH_SUCCESS : AUTH_FAILURE;
 }
 int
diff -r 764a5b003c47 -r e6c5155c44e5 auth/secureware.c
--- a/auth/secureware.c Tue Feb 10 10:10:16 2015 -0700
+++ b/auth/secureware.c Thu Feb 19 13:41:16 2015 -0700
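Review bot: In auth/passwd.c, both hunks fold a NULL return from crypt16() or crypt() into an ordinary AUTH_FAILURE with no diagnostic, so a system that cannot process the stored hash looks identical to a user typing the wrong password. Failing closed is the right default, but the intent should be stated next to the `if (epass != NULL) {` guard in the second hunk, e.g. `/* crypt() returns NULL for a hash it cannot process; treat that as a mismatch, never as success. */`. It is also worth considering a log entry for the NULL case (glibc's crypt() sets errno on failure) so operators can tell a broken hash configuration from repeated bad passwords. The function begins above the first hunk, so how the caller reports AUTH_FAILURE is not visible here.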
@@ -76,27 +76,25 @@
 sudo_auth *auth;
 {
 char *pw_epasswd = auth->data;
+ char *epass = NULL;
 #ifdef __alpha
 extern int crypt_type;
-# ifdef HAVE_DISPCRYPT
- if (strcmp(pw_epasswd, dispcrypt(pass, pw_epasswd, crypt_type)) == 0)
- return AUTH_SUCCESS;
-# else
- if (crypt_type == AUTH_CRYPT_BIGCRYPT) {
- if (strcmp(pw_epasswd, bigcrypt(pass, pw_epasswd)) == 0)
- return AUTH_SUCCESS;
- } else if (crypt_type == AUTH_CRYPT_CRYPT16) {
- if (strcmp(pw_epasswd, crypt(pass, pw_epasswd)) == 0)
- return AUTH_SUCCESS;
- }
-# endif /* HAVE_DISPCRYPT */
+# ifdef HAVE_DISPCRYPT
+ epass = dispcrypt(pass, pw_epasswd, crypt_type);
+# else
+ if (crypt_type == AUTH_CRYPT_BIGCRYPT)
+ epass = bigcrypt(pass, pw_epasswd);
+ else if (crypt_type == AUTH_CRYPT_CRYPT16)
+ epass = crypt(pass, pw_epasswd);
+# endif /* HAVE_DISPCRYPT */
 #elif defined(HAVE_BIGCRYPT)
- if (strcmp(pw_epasswd, bigcrypt(pass, pw_epasswd)) == 0)
- return AUTH_SUCCESS;
+ epass = bigcrypt(pass, pw_epasswd);
 #endif /* __alpha */
- return AUTH_FAILURE;
+ if (epass != NULL && strcmp(pw_epasswd, epass) == 0)
+ return AUTH_SUCCESS;
+ return AUTH_FAILURE;
 }
 int
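Review bot: The single comparison at the end of this hunk now depends on the initializer in `char *epass = NULL;` to fail closed. On an `__alpha` build without HAVE_DISPCRYPT where `crypt_type` matches neither constant, and on builds where neither `__alpha` nor HAVE_BIGCRYPT is defined, nothing assigns `epass`, so only that initializer keeps the result at AUTH_FAILURE. A comment on the declaration, e.g. `/* stays NULL (=> AUTH_FAILURE) when no crypt routine applies */`, would protect it from a later cleanup. Separately, the `AUTH_CRYPT_CRYPT16` branch calls `crypt()`, carried over unchanged from the old side; that may be intentional on this platform but deserves a confirming comment. The function's signature lies above the hunk.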