Patch from Paul Wouters to handle crypt() returning NULL

Resolves: #814803

yp-tools-2.12-crypt.patch

@@ -0,0 +1,68 @@
+diff -up yp-tools-2.12/src/yppasswd.c.crypt yp-tools-2.12/src/yppasswd.c
+--- yp-tools-2.12/src/yppasswd.c.crypt	2012-04-23 13:01:35.599721168 +0200
++++ yp-tools-2.12/src/yppasswd.c	2012-04-23 13:16:18.251261293 +0200
+@@ -448,13 +448,19 @@ verifypassword (struct passwd *pwd, char
+     }
+ 
+   passwdlen = get_passwd_len (pwd->pw_passwd);
+-  if (pwd->pw_passwd[0]
++  if (pwd->pw_passwd[0] 
+       && 0 != strcmp (pwd->pw_passwd, "x") /* don't check shadow passwords */
+-      && !strncmp (pwd->pw_passwd, crypt (pwdstr, pwd->pw_passwd), passwdlen)
+       && uid)
+     {
+-      fputs (_("You cannot reuse the old password.\n"), stderr);
+-      return 0;
++      char *crypted = crypt(pwdstr, pwd->pw_passwd);
++      if(crypted == NULL) {
++        fputs (_("crypt() call failed.\n"), stderr);
++        return 0;
++      }
++      if(!strncmp (pwd->pw_passwd, crypted, passwdlen)) {
++        fputs (_("You cannot reuse the old password.\n"), stderr);
++        return 0;
++      }
+     }
+ 
+   r = 0;
+@@ -772,9 +778,16 @@ main (int argc, char **argv)
+ 	{
+ 	  int passwdlen = get_passwd_len (pwd->pw_passwd);
+ 	  char *sane_passwd = alloca (passwdlen + 1);
++	  char *crypted;
+ 	  strncpy (sane_passwd, pwd->pw_passwd, passwdlen);
+ 	  sane_passwd[passwdlen] = 0;
+-	  if (strcmp (crypt (s, sane_passwd), sane_passwd))
++	  crypted = crypt (s, sane_passwd);
++	  if(crypted == NULL)
++	    {
++	      fprintf (stderr, _("Sorry - crypt() failed.\n"));
++	      return 1;
++	    }
++	  if (strcmp (crypted, sane_passwd))
+ 	    {
+ 	      fprintf (stderr, _("Sorry.\n"));
+ 	      return 1;
+@@ -789,6 +802,7 @@ main (int argc, char **argv)
+       char *error_msg;
+ #endif /* USE_CRACKLIB */
+       char *buf, salt[37], *p = NULL;
++      char *crypted;
+       int tries = 0;
+ 
+       buf = (char *) malloc (129);
+@@ -869,7 +883,13 @@ main (int argc, char **argv)
+ 	  break;
+ 	}
+ 
+-      yppwd.newpw.pw_passwd = strdup (crypt (buf, salt));
++      crypted = crypt (buf, salt);
++      if(crypted == NULL) {
++	fprintf (stderr, _("Sorry - crypt() failed.\n"));
++	return 1;
++      } else {
++	yppwd.newpw.pw_passwd = strdup (crypted);
++      }
+     }
+ 
+   if (f_flag)

yp-tools.spec

@@ -1,7 +1,7 @@
 Summary: NIS (or YP) client programs
 Name: yp-tools
 Version: 2.12
-Release: 8%{?dist}
+Release: 9%{?dist}
 License: GPLv2
 Group: System Environment/Base
 Source: ftp://ftp.kernel.org/pub/linux/utils/net/NIS/yp-tools-%{version}.tar.bz2
@@ -10,6 +10,7 @@ Patch0: yp-tools-2.11-shadow.patch
 Patch1: yp-tools-2.12-typo.patch
 Patch2: yp-tools-2.12-gethost.patch
 Patch3: yp-tools-2.12-hash.patch
+Patch4: yp-tools-2.12-crypt.patch
 Url: http://www.linux-nis.org/nis/yp-tools/index.html
 Requires: ypbind
 
@@ -39,6 +40,7 @@ you'll need to install the ypserv package on one machine on the network.
 %patch1 -p1 -b .typo
 %patch2 -p1 -b .gethost
 %patch3 -p1 -b .hash
+%patch4 -p1 -b .crypt
 
 %build
 %configure --disable-domainname
@@ -60,6 +62,10 @@ make DESTDIR="$RPM_BUILD_ROOT" INSTALL_PROGRAM=install install
 /var/yp/nicknames
 
 %changelog
+* Mon Apr 23 2012 Honza Horak <hhorak@redhat.com> - 2.12-9
+- Patch from Paul Wouters to handle crypt() returning NULL
+  Resolves: #814803
+
 * Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.12-8
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild