Check for crypt() failure returning NULL.

[linux-pam] / modules / pam_unix / passverify.c

diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
index 52899552d6e42d20313913a7436b1f7d4bd6ee98..4840bb2dcd8c0c96dcf971cd971d365eaca46235 100644 (file)
--- a/modules/pam_unix/passverify.c
+++ b/modules/pam_unix/passverify.c
@@ -424,7 +424,7 @@ PAMH_ARG_DECL(char * create_password_hash,
        }
 #endif
        sp = crypt(password, salt);
-       if (strncmp(algoid, sp, strlen(algoid)) != 0) {
+       if (!sp || strncmp(algoid, sp, strlen(algoid)) != 0) {
                /* libxcrypt/libc doesn't know the algorithm, use MD5 */
                pam_syslog(pamh, LOG_ERR,
                           "Algo %s not supported by the crypto backend, "
@@ -432,7 +432,9 @@ PAMH_ARG_DECL(char * create_password_hash,
                           on(UNIX_BLOWFISH_PASS, ctrl) ? "blowfish" :
                           on(UNIX_SHA256_PASS, ctrl) ? "sha256" :
                           on(UNIX_SHA512_PASS, ctrl) ? "sha512" : algoid);
-               memset(sp, '\0', strlen(sp));
+               if(sp) {
+                  memset(sp, '\0', strlen(sp));
+               }
                return crypt_md5_wrapper(password);
        }