diff -up shadow-4.1.5.1/lib/encrypt.c.crypt-null shadow-4.1.5.1/lib/encrypt.c

--- shadow-4.1.5.1/lib/encrypt.c.crypt-null	2010-08-22 15:05:02.000000000 +0200

+++ shadow-4.1.5.1/lib/encrypt.c	2013-07-25 12:27:30.438355782 +0200

@@ -49,11 +49,10 @@

 	if (!cp) {

 		/*

 		 * Single Unix Spec: crypt() may return a null pointer,

-		 * and set errno to indicate an error.  The caller doesn't

-		 * expect us to return NULL, so...

+		 * and set errno to indicate an error. In this case return

+		 * the NULL so the caller can handle appropriately.

 		 */

-		perror ("crypt");

-		exit (EXIT_FAILURE);

+		return cp;

 	}

 	/* The GNU crypt does not return NULL if the algorithm is not

diff -up shadow-4.1.5.1/libmisc/valid.c.crypt-null shadow-4.1.5.1/libmisc/valid.c

--- shadow-4.1.5.1/libmisc/valid.c.crypt-null	2010-08-22 21:14:41.000000000 +0200

+++ shadow-4.1.5.1/libmisc/valid.c	2013-07-25 12:27:30.440355847 +0200

@@ -95,6 +95,7 @@ bool valid (const char *password, const

 	 */

 	if (   (NULL != ent->pw_name)

+	    && (NULL != encrypted)

 	    && (strcmp (encrypted, ent->pw_passwd) == 0)) {

 		return true;

 	} else {

diff -up shadow-4.1.5.1/lib/pwauth.c.crypt-null shadow-4.1.5.1/lib/pwauth.c

--- shadow-4.1.5.1/lib/pwauth.c.crypt-null	2009-07-13 00:24:48.000000000 +0200

+++ shadow-4.1.5.1/lib/pwauth.c	2013-07-25 12:27:30.438355782 +0200

@@ -73,6 +73,7 @@ int pw_auth (const char *cipher,

 	char prompt[1024];

 	char *clear = NULL;

 	const char *cp;

+	const char *encrypted;

 	int retval;

 #ifdef	SKEY

@@ -177,7 +178,11 @@ int pw_auth (const char *cipher,

 	 * the results there as well.

 	 */

-	retval = strcmp (pw_encrypt (input, cipher), cipher);

+	encrypted = pw_encrypt (input, cipher);

+	if (encrypted!=NULL)

+		retval = strcmp (encrypted, cipher);

+	else

+		retval = -1;

 #ifdef  SKEY

 	/*

diff -up shadow-4.1.5.1/src/chgpasswd.c.crypt-null shadow-4.1.5.1/src/chgpasswd.c

--- shadow-4.1.5.1/src/chgpasswd.c.crypt-null	2011-12-09 22:31:40.000000000 +0100

+++ shadow-4.1.5.1/src/chgpasswd.c	2013-07-25 12:27:30.440355847 +0200

@@ -469,6 +469,10 @@ int main (int argc, char **argv)

 #endif

 			cp = pw_encrypt (newpwd,

 			                 crypt_make_salt (crypt_method, arg));

+			if (cp == NULL) {

+				perror ("crypt");

+				exit (EXIT_FAILURE);

+			}	

 		}

 		/*

diff -up shadow-4.1.5.1/src/chpasswd.c.crypt-null shadow-4.1.5.1/src/chpasswd.c

--- shadow-4.1.5.1/src/chpasswd.c.crypt-null	2011-12-09 22:31:40.000000000 +0100

+++ shadow-4.1.5.1/src/chpasswd.c	2013-07-25 12:27:30.440355847 +0200

@@ -492,6 +492,10 @@ int main (int argc, char **argv)

 #endif

 			cp = pw_encrypt (newpwd,

 			                 crypt_make_salt(crypt_method, arg));

+			if (cp == NULL) {

+				perror ("crypt");

+				exit (EXIT_FAILURE);

+			}

 		}

 		/*

diff -up shadow-4.1.5.1/src/gpasswd.c.crypt-null shadow-4.1.5.1/src/gpasswd.c

--- shadow-4.1.5.1/src/gpasswd.c.crypt-null	2011-11-19 23:55:04.000000000 +0100

+++ shadow-4.1.5.1/src/gpasswd.c	2013-07-25 12:27:30.441355866 +0200

@@ -939,6 +939,10 @@ static void change_passwd (struct group

 	}

 	cp = pw_encrypt (pass, crypt_make_salt (NULL, NULL));

+	if (cp==NULL) {

+		perror ("crypt");

+		exit (EXIT_FAILURE);

+	}

 	memzero (pass, sizeof pass);

 #ifdef SHADOWGRP

 	if (is_shadowgrp) {

diff -up shadow-4.1.5.1/src/newgrp.c.crypt-null shadow-4.1.5.1/src/newgrp.c

--- shadow-4.1.5.1/src/newgrp.c.crypt-null	2011-07-30 03:50:01.000000000 +0200

+++ shadow-4.1.5.1/src/newgrp.c	2013-07-25 12:27:30.442355881 +0200

@@ -184,7 +184,8 @@ static void check_perms (const struct gr

 		cpasswd = pw_encrypt (cp, grp->gr_passwd);

 		strzero (cp);

-		if (grp->gr_passwd[0] == '\0' ||

+		if (cpasswd == NULL ||

+		    grp->gr_passwd[0] == '\0' ||

 		    strcmp (cpasswd, grp->gr_passwd) != 0) {

 #ifdef WITH_AUDIT

 			snprintf (audit_buf, sizeof(audit_buf),

diff -up shadow-4.1.5.1/src/newusers.c.crypt-null shadow-4.1.5.1/src/newusers.c

--- shadow-4.1.5.1/src/newusers.c.crypt-null	2011-12-09 22:31:40.000000000 +0100

+++ shadow-4.1.5.1/src/newusers.c	2013-07-25 12:27:30.442355881 +0200

@@ -387,6 +387,7 @@ static int add_user (const char *name, u

 static void update_passwd (struct passwd *pwd, const char *password)

 {

 	void *crypt_arg = NULL;

+	char *cp;

 	if (crypt_method != NULL) {

 #ifdef USE_SHA_CRYPT

 		if (sflg) {

@@ -398,9 +399,13 @@ static void update_passwd (struct passwd

 	if ((crypt_method != NULL) && (0 == strcmp(crypt_method, "NONE"))) {

 		pwd->pw_passwd = (char *)password;

 	} else {

-		pwd->pw_passwd = pw_encrypt (password,

-		                             crypt_make_salt (crypt_method,

-		                                              crypt_arg));

+		cp=pw_encrypt (password, crypt_make_salt (crypt_method, 

+		                                          crypt_arg));

+		if (cp == NULL) {

+			perror ("crypt");

+			exit (EXIT_FAILURE);

+		}

+		pwd->pw_passwd = cp;

 	}

 }

 #endif				/* !USE_PAM */

@@ -412,6 +417,7 @@ static int add_passwd (struct passwd *pw

 {

 	const struct spwd *sp;

 	struct spwd spent;

+	char *cp;

 #ifndef USE_PAM

 	void *crypt_arg = NULL;

@@ -448,7 +454,12 @@ static int add_passwd (struct passwd *pw

 		} else {

 			const char *salt = crypt_make_salt (crypt_method,

 			                                    crypt_arg);

-			spent.sp_pwdp = pw_encrypt (password, salt);

+			cp = pw_encrypt (password, salt);

+			if (cp == NULL) {

+				perror ("crypt");

+				exit (EXIT_FAILURE);

+			}

+			spent.sp_pwdp = cp;

 		}

 		spent.sp_lstchg = (long) time ((time_t *) 0) / SCALE;

 		if (0 == spent.sp_lstchg) {

@@ -492,7 +503,12 @@ static int add_passwd (struct passwd *pw

 		spent.sp_pwdp = (char *)password;

 	} else {

 		const char *salt = crypt_make_salt (crypt_method, crypt_arg);

-		spent.sp_pwdp = pw_encrypt (password, salt);

+		cp = pw_encrypt (password, salt);

+		if (cp == NULL) {

+			perror ("crypt");

+			exit (EXIT_FAILURE);

+		}

+		spent.sp_pwdp = cp;

 	}

 #else

 	/*

diff -up shadow-4.1.5.1/src/passwd.c.crypt-null shadow-4.1.5.1/src/passwd.c

--- shadow-4.1.5.1/src/passwd.c.crypt-null	2012-02-13 21:32:01.000000000 +0100

+++ shadow-4.1.5.1/src/passwd.c	2013-07-25 12:27:30.443355896 +0200

@@ -242,7 +242,7 @@ static int new_password (const struct pa

 		}

 		cipher = pw_encrypt (clear, crypt_passwd);

-		if (strcmp (cipher, crypt_passwd) != 0) {

+		if ((cipher == NULL) || (strcmp (cipher, crypt_passwd) != 0)) {

 			strzero (clear);

 			strzero (cipher);

 			SYSLOG ((LOG_WARN, "incorrect password for %s",

@@ -349,6 +349,10 @@ static int new_password (const struct pa

 	 * Encrypt the password, then wipe the cleartext password.

 	 */

 	cp = pw_encrypt (pass, crypt_make_salt (NULL, NULL));

+	if (cp == NULL) {

+		perror ("crypt");

+		exit (EXIT_FAILURE);

+	}

 	memzero (pass, sizeof pass);

 #ifdef HAVE_LIBCRACK_HIST