From 1381e63d6caac1d5d064b60f6e2cb11bf0608e14 Mon Sep 17 00:00:00 2001
From: kevlo <kevlo@FreeBSD.org>
Date: Wed, 22 Feb 2012 06:27:20 +0000
Subject: Handle NULL return from crypt(3). Mostly from DragonFly

---
 sbin/init/init.c                          | 3 ++-
 usr.bin/chkey/chkey.c                     | 6 +++++-
 usr.bin/enigma/enigma.c                   | 8 +++++++-
 usr.bin/lock/lock.c                       | 5 +++--
 usr.bin/newgrp/newgrp.c                   | 8 +++++---
 usr.sbin/ppp/auth.c                       | 4 +++-
 usr.sbin/pw/pw_user.c                     | 6 +++++-
 usr.sbin/rpc.yppasswdd/yppasswdd_server.c | 5 +++--
 8 files changed, 33 insertions(+), 12 deletions(-)

diff --git a/sbin/init/init.c b/sbin/init/init.c
index e936a78..3167503 100644
--- a/sbin/init/init.c
+++ b/sbin/init/init.c
@@ -657,7 +657,8 @@ single_user(void)
 					_exit(0);
 				password = crypt(clear, pp->pw_passwd);
 				bzero(clear, _PASSWORD_LEN);
-				if (strcmp(password, pp->pw_passwd) == 0)
+				if (password == NULL || 
+				    strcmp(password, pp->pw_passwd) == 0)
 					break;
 				warning("single-user login failed\n");
 			}
diff --git a/usr.bin/chkey/chkey.c b/usr.bin/chkey/chkey.c
index 3098271..4751a28 100644
--- a/usr.bin/chkey/chkey.c
+++ b/usr.bin/chkey/chkey.c
@@ -94,6 +94,9 @@ main(int argc, char **argv)
 #ifdef YP
 	char *master;
 #endif
+#ifdef YPPASSWD
+	char *cryptpw;
+#endif
 
 	while ((ch = getopt(argc, argv, "f")) != -1)
 		switch(ch) {
@@ -149,7 +152,8 @@ main(int argc, char **argv)
 	pass = getpass("Password:");
 #ifdef YPPASSWD
 	if (!force) {
-		if (strcmp(crypt(pass, pw->pw_passwd), pw->pw_passwd) != 0)
+		cryptpw = crypt(pass, pw->pw_passwd);
+		if (cryptpw == NULL || strcmp(cryptpw, pw->pw_passwd) != 0)
 			errx(1, "invalid password");
 	}
 #else
diff --git a/usr.bin/enigma/enigma.c b/usr.bin/enigma/enigma.c
index 49cb006..893766e 100644
--- a/usr.bin/enigma/enigma.c
+++ b/usr.bin/enigma/enigma.c
@@ -41,9 +41,15 @@ setup(char *pw)
 	char salt[3];
 	unsigned rnd;
 	int32_t seed;
+	char *cryptpw;
 
 	strlcpy(salt, pw, sizeof(salt));
-	memcpy(buf, crypt(pw, salt), sizeof(buf));
+	cryptpw = crypt(pw, salt);
+	if (cryptpw == NULL) {
+		fprintf(stderr, "crypt(3) failure\n");
+		exit(1);
+	}
+	memcpy(buf, cryptpw, sizeof(buf));
 	seed = 123;
 	for (i=0; i<13; i++)
 		seed = seed*buf[i] + i;
diff --git a/usr.bin/lock/lock.c b/usr.bin/lock/lock.c
index 2f26171..3f23a98 100644
--- a/usr.bin/lock/lock.c
+++ b/usr.bin/lock/lock.c
@@ -94,7 +94,7 @@ main(int argc, char **argv)
 	struct itimerval ntimer, otimer;
 	struct tm *timp;
 	int ch, failures, sectimeout, usemine, vtylock;
-	char *ap, *mypw, *ttynam, *tzn;
+	char *ap, *cryptpw, *mypw, *ttynam, *tzn;
 	char hostname[MAXHOSTNAMELEN], s[BUFSIZ], s1[BUFSIZ];
 
 	openlog("lock", LOG_ODELAY, LOG_AUTH);
@@ -222,7 +222,8 @@ main(int argc, char **argv)
 		}
 		if (usemine) {
 			s[strlen(s) - 1] = '\0';
-			if (!strcmp(mypw, crypt(s, mypw)))
+			cryptpw = crypt(s, mypw);
+			if (cryptpw == NULL || !strcmp(mypw, cryptpw))
 				break;
 		}
 		else if (!strcmp(s, s1))
diff --git a/usr.bin/newgrp/newgrp.c b/usr.bin/newgrp/newgrp.c
index 751e8be..b3f6103 100644
--- a/usr.bin/newgrp/newgrp.c
+++ b/usr.bin/newgrp/newgrp.c
@@ -151,7 +151,7 @@ addgroup(const char *grpname)
 	int dbmember, i, ngrps;
 	gid_t egid;
 	struct group *grp;
-	char *ep, *pass;
+	char *ep, *pass, *cryptpw;
 	char **p;
 
 	egid = getegid();
@@ -178,8 +178,10 @@ addgroup(const char *grpname)
 		}
 	if (!dbmember && *grp->gr_passwd != '\0' && getuid() != 0) {
 		pass = getpass("Password:");
-		if (pass == NULL ||
-		    strcmp(grp->gr_passwd, crypt(pass, grp->gr_passwd)) != 0) {
+		if (pass == NULL)
+			return;
+		cryptpw = crypt(pass, grp->gr_passwd);
+		if (cryptpw == NULL || strcmp(grp->gr_passwd, cryptpw) != 0) {
 			fprintf(stderr, "Sorry\n");
 			return;
 		}
diff --git a/usr.sbin/ppp/auth.c b/usr.sbin/ppp/auth.c
index 66a3de7..fbfc929 100644
--- a/usr.sbin/ppp/auth.c
+++ b/usr.sbin/ppp/auth.c
@@ -126,9 +126,11 @@ auth_CheckPasswd(const char *name, const char *data, const char *key)
     /* Then look up the real password database */
     struct passwd *pw;
     int result;
+    char *cryptpw;
 
+    cryptpw = crypt(key, pw->pw_passwd);
     result = (pw = getpwnam(name)) &&
-             !strcmp(crypt(key, pw->pw_passwd), pw->pw_passwd);
+             (cryptpw == NULL || !strcmp(cryptpw, pw->pw_passwd));
     endpwent();
     return result;
 #else /* !NOPAM */
diff --git a/usr.sbin/pw/pw_user.c b/usr.sbin/pw/pw_user.c
index 0001a41..b59789c 100644
--- a/usr.sbin/pw/pw_user.c
+++ b/usr.sbin/pw/pw_user.c
@@ -1028,6 +1028,7 @@ pw_pwcrypt(char *password)
 {
 	int             i;
 	char            salt[SALTSIZE + 1];
+	char		*cryptpw;
 
 	static char     buf[256];
 
@@ -1038,7 +1039,10 @@ pw_pwcrypt(char *password)
 		salt[i] = chars[arc4random_uniform(sizeof(chars) - 1)];
 	salt[SALTSIZE] = '\0';
 
-	return strcpy(buf, crypt(password, salt));
+	cryptpw = crypt(password, salt);
+	if (cryptpw == NULL)
+		errx(EX_CONFIG, "crypt(3) failure");
+	return strcpy(buf, cryptpw);
 }
 
 
diff --git a/usr.sbin/rpc.yppasswdd/yppasswdd_server.c b/usr.sbin/rpc.yppasswdd/yppasswdd_server.c
index 446b130..0260e4c 100644
--- a/usr.sbin/rpc.yppasswdd/yppasswdd_server.c
+++ b/usr.sbin/rpc.yppasswdd/yppasswdd_server.c
@@ -460,6 +460,7 @@ yppasswdproc_update_1_svc(yppasswd *argp, struct svc_req *rqstp)
 	int passwd_changed = 0;
 	int shell_changed = 0;
 	int gecos_changed = 0;
+	char *cryptpw;
 	char *oldshell = NULL;
 	char *oldgecos = NULL;
 	char *passfile_hold;
@@ -537,8 +538,8 @@ yppasswdproc_update_1_svc(yppasswd *argp, struct svc_req *rqstp)
 
 	/* Step 2: check that the supplied oldpass is valid. */
 
-	if (strcmp(crypt(argp->oldpass, yp_password.pw_passwd),
-					yp_password.pw_passwd)) {
+	cryptpw = crypt(argp->oldpass, yp_password.pw_passwd);
+	if (cryptpw == NULL || strcmp(cryptpw, yp_password.pw_passwd)) {
 		yp_error("rejected change attempt -- bad password");
 		yp_error("client address: %s username: %s",
 			  inet_ntoa(rqhost->sin_addr),
-- 
cgit v1.1