in pick_salt() avoid dereference of NULL passwords

Apparently some NIS implementations can leave pw->pw_passwd (or the shadow equivalent) NULL. bz#2909; based on patch from Todd Eigenschink
author: Damien Miller <djm@mindrot.org> 2018-10-10 14:57:00 +1100
committer: Damien Miller <djm@mindrot.org> 2018-10-10 14:57:00 +1100
commit: d1d301a1dd5d6cc3a9ed93ab7ab09dda4cb456e0 (patch)
tree: bd9f6991a1349aac33e657b7525fc64cda12945c
parent: edbb6febccee084d212fdc0cb05b40cb1c646ab1 (diff)
download: openssh-git-d1d301a1dd5d6cc3a9ed93ab7ab09dda4cb456e0.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c
index c9c6283c..360b187a 100644
--- a/openbsd-compat/xcrypt.c
+++ b/openbsd-compat/xcrypt.c
@@ -82,7 +82,8 @@ pick_salt(void)
 	strlcpy(salt, "xx", sizeof(salt));
 	setpwent();
 	while ((pw = getpwent()) != NULL) {
-		passwd = shadow_pw(pw);
+		if ((passwd = shadow_pw(pw)) == NULL)
+			continue;
 		if (passwd[0] == '$' && (p = strrchr(passwd+1, '$')) != NULL) {
 			typelen = p - passwd + 1;
 			strlcpy(salt, passwd, MIN(typelen, sizeof(salt)));
author	Damien Miller <djm@mindrot.org>	2018-10-10 14:57:00 +1100
committer	Damien Miller <djm@mindrot.org>	2018-10-10 14:57:00 +1100
commit	d1d301a1dd5d6cc3a9ed93ab7ab09dda4cb456e0 (patch)
tree	bd9f6991a1349aac33e657b7525fc64cda12945c
parent	edbb6febccee084d212fdc0cb05b40cb1c646ab1 (diff)
download	openssh-git-d1d301a1dd5d6cc3a9ed93ab7ab09dda4cb456e0.tar.gz