in pick_salt() avoid dereference of NULL passwords

Apparently some NIS implementations can leave pw->pw_passwd (or the
shadow equivalent) NULL.

bz#2909; based on patch from Todd Eigenschink
This commit is contained in:
Damien Miller 2018-10-10 14:57:00 +11:00
parent edbb6febcc
commit d1d301a1dd
1 changed files with 2 additions and 1 deletions

View File

@ -82,7 +82,8 @@ pick_salt(void)
strlcpy(salt, "xx", sizeof(salt));
setpwent();
while ((pw = getpwent()) != NULL) {
passwd = shadow_pw(pw);
if ((passwd = shadow_pw(pw)) == NULL)
continue;
if (passwd[0] == '$' && (p = strrchr(passwd+1, '$')) != NULL) {
typelen = p - passwd + 1;
strlcpy(salt, passwd, MIN(typelen, sizeof(salt)));