Blob Blame History Raw
diff -up yp-tools-2.12/src/yppasswd.c.crypt yp-tools-2.12/src/yppasswd.c
--- yp-tools-2.12/src/yppasswd.c.crypt	2012-04-23 13:01:35.599721168 +0200
+++ yp-tools-2.12/src/yppasswd.c	2012-04-23 13:16:18.251261293 +0200
@@ -448,13 +448,19 @@ verifypassword (struct passwd *pwd, char
     }
 
   passwdlen = get_passwd_len (pwd->pw_passwd);
-  if (pwd->pw_passwd[0]
+  if (pwd->pw_passwd[0] 
       && 0 != strcmp (pwd->pw_passwd, "x") /* don't check shadow passwords */
-      && !strncmp (pwd->pw_passwd, crypt (pwdstr, pwd->pw_passwd), passwdlen)
       && uid)
     {
-      fputs (_("You cannot reuse the old password.\n"), stderr);
-      return 0;
+      char *crypted = crypt(pwdstr, pwd->pw_passwd);
+      if(crypted == NULL) {
+        fputs (_("crypt() call failed.\n"), stderr);
+        return 0;
+      }
+      if(!strncmp (pwd->pw_passwd, crypted, passwdlen)) {
+        fputs (_("You cannot reuse the old password.\n"), stderr);
+        return 0;
+      }
     }
 
   r = 0;
@@ -772,9 +778,16 @@ main (int argc, char **argv)
 	{
 	  int passwdlen = get_passwd_len (pwd->pw_passwd);
 	  char *sane_passwd = alloca (passwdlen + 1);
+	  char *crypted;
 	  strncpy (sane_passwd, pwd->pw_passwd, passwdlen);
 	  sane_passwd[passwdlen] = 0;
-	  if (strcmp (crypt (s, sane_passwd), sane_passwd))
+	  crypted = crypt (s, sane_passwd);
+	  if(crypted == NULL)
+	    {
+	      fprintf (stderr, _("Sorry - crypt() failed.\n"));
+	      return 1;
+	    }
+	  if (strcmp (crypted, sane_passwd))
 	    {
 	      fprintf (stderr, _("Sorry.\n"));
 	      return 1;
@@ -789,6 +802,7 @@ main (int argc, char **argv)
       char *error_msg;
 #endif /* USE_CRACKLIB */
       char *buf, salt[37], *p = NULL;
+      char *crypted;
       int tries = 0;
 
       buf = (char *) malloc (129);
@@ -869,7 +883,13 @@ main (int argc, char **argv)
 	  break;
 	}
 
-      yppwd.newpw.pw_passwd = strdup (crypt (buf, salt));
+      crypted = crypt (buf, salt);
+      if(crypted == NULL) {
+	fprintf (stderr, _("Sorry - crypt() failed.\n"));
+	return 1;
+      } else {
+	yppwd.newpw.pw_passwd = strdup (crypted);
+      }
     }
 
   if (f_flag)