lib/encrypt.c: Do not exit in error case

If crypt fails, pw_encrypt calls exit. This has the consequence that the
plaintext password is not cleared.

A valid password can fail if the underlying library does not support it.
One such example is SHA512, for which the password must not be longer
than 256 characters on musl. A password longer than this with glibc
works, so it is actually possible that a user, running passwd, tries to
enter the old password but the musl-based passwd binary simply exits.
Let passwd clear the password before exiting.

Reviewed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

diff --git a/lib/encrypt.c b/lib/encrypt.c
index c84a2552fa565e12cd9d4fa81b4e034f19b9092a..9c1cb40677df9a857c6e9fc93d526d828fd4ecea 100644 (file)
--- a/lib/encrypt.c
+++ b/lib/encrypt.c
@@ -65,7 +65,8 @@
                (void) fprintf (shadow_logfd,
                                _("crypt method not supported by libcrypt? (%s)\n"),
                                method);
-               exit (EXIT_FAILURE);
+               errno = EINVAL;
+               return NULL;
        }
 
        if (strlen (cp) != 13) {