diff -up cyrus-sasl-2.1.26/pwcheck/pwcheck_getpwnam.c.null-crypt cyrus-sasl-2.1.26/pwcheck/pwcheck_getpwnam.c

--- cyrus-sasl-2.1.26/pwcheck/pwcheck_getpwnam.c.null-crypt	2012-01-28 00:31:36.000000000 +0100

+++ cyrus-sasl-2.1.26/pwcheck/pwcheck_getpwnam.c	2012-12-20 17:00:14.614580310 +0100

@@ -31,7 +31,7 @@ char *pwcheck(userid, password)

 char *userid;

 char *password;

 {

-    char* r;

+    char* r, *cryptbuf;

     struct passwd *pwd;

     pwd = getpwnam(userid);

@@ -41,11 +41,13 @@ char *password;

     else if (pwd->pw_passwd[0] == '*') {

 	r = "Account disabled";

     }

-    else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) {

-	r = "Incorrect password";

-    }

     else {

-	r = "OK";

+	cryptbuf = crypt(password, pwd->pw_passwd);

+	if((cryptbuf == NULL) || (strcmp(pwd->pw_passwd, cryptbuf) != 0)) {

+	   r = "Incorrect password";

+	} else {

+	   r = "OK";

+	}

     }

     endpwent();

diff -up cyrus-sasl-2.1.26/saslauthd/auth_getpwent.c.null-crypt cyrus-sasl-2.1.26/saslauthd/auth_getpwent.c

--- cyrus-sasl-2.1.26/saslauthd/auth_getpwent.c.null-crypt	2012-10-12 16:05:48.000000000 +0200

+++ cyrus-sasl-2.1.26/saslauthd/auth_getpwent.c	2012-12-20 17:03:17.940793653 +0100

@@ -78,6 +78,7 @@ auth_getpwent (

     /* VARIABLES */

     struct passwd *pw;			/* pointer to passwd file entry */

     int errnum;

+    char *cryptbuf;

     /* END VARIABLES */

     errno = 0;

@@ -105,7 +106,8 @@ auth_getpwent (

 	}

     }

-    if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) {

+    cryptbuf = crypt(password, pw->pw_passwd);

+    if ((cryptbuf == NULL) || strcmp(pw->pw_passwd, cryptbuf)) {

 	if (flags & VERBOSE) {

 	    syslog(LOG_DEBUG, "DEBUG: auth_getpwent: %s: invalid password", login);

 	}

diff -up cyrus-sasl-2.1.26/saslauthd/auth_shadow.c.null-crypt cyrus-sasl-2.1.26/saslauthd/auth_shadow.c

--- cyrus-sasl-2.1.26/saslauthd/auth_shadow.c.null-crypt	2012-12-20 17:00:14.000000000 +0100

+++ cyrus-sasl-2.1.26/saslauthd/auth_shadow.c	2012-12-20 17:16:44.190360006 +0100

@@ -214,8 +214,8 @@ auth_shadow (

 	RETURN("NO Insufficient permission to access NIS authentication database (saslauthd)");

     }

-    cpw = strdup((const char *)crypt(password, sp->sp_pwdp));

-    if (strcmp(sp->sp_pwdp, cpw)) {

+    cpw = crypt(password, sp->sp_pwdp);

+    if ((cpw == NULL) || strcmp(sp->sp_pwdp, cpw)) {

 	if (flags & VERBOSE) {

 	    /*

 	     * This _should_ reveal the SHADOW_PW_LOCKED prefix to an

@@ -225,10 +225,8 @@ auth_shadow (

 	    syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'",

 		   sp->sp_pwdp, cpw);

 	}

-	free(cpw);

 	RETURN("NO Incorrect password");

     }

-    free(cpw);

     /*

      * The following fields will be set to -1 if:

@@ -290,7 +288,8 @@ auth_shadow (

 	RETURN("NO Invalid username");

     }

-    if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) {

+    cpw = crypt(password, upw->upw_passwd);

+    if ((cpw == NULL) || strcmp(upw->upw_passwd, cpw) != 0) {

 	if (flags & VERBOSE) {

 	    syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s",

 		   password, upw->upw_passwd);