A quick fix for ITS#598... crypt(3) crashes

diff --git a/CHANGES b/CHANGES
index 604ca89b358b97673fb0c29f15f573655977af66..d6f1e740b4e8193887f9c33aac3b2a2af998d162 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,7 @@ Changes included in OpenLDAP 1.2.12 Engineering
        Fixed ldapsearch uninitialized fp bug
        Fixed Pth initialization bug
        Fixed libldap/add mod_bvalues typo
+       Fixed ldappasswd crypt(3) crash (ITD#598)
        Build Environment
                Remove extra Digital UNIX symbol (ITS#590)
                Ignore make clean rm failure

diff --git a/clients/tools/ldappasswd.c b/clients/tools/ldappasswd.c
index 2e2ec5eaf16c7bfb86a1dcf6521e3a5986dfcd9b..e73a84b627ba013ee066cb433b1716a992c3d544 100644 (file)
--- a/clients/tools/ldappasswd.c
+++ b/clients/tools/ldappasswd.c
@@ -194,7 +194,11 @@ hash_crypt (const char *pw_in, Salt * salt)
                crypted_pw = crypt (pw_in, (char *)lsalt.salt);
                free (lsalt.salt);
        }
-       return (STRDUP (crypted_pw));
+
+       if( crypted_pw == NULL || crypted_pw[0] = '\0' )
+               return NULL;
+
+       return STRDUP(crypted_pw);
 }
 #endif
 
@@ -283,12 +287,16 @@ modify_dn (LDAP * ld, char *targetdn, char *pwattr, char *oldpw,
        hashed_pw = hashes[htype].func (newpw, salt->len ? salt : NULL);
 
        /* return salt back to it's original state */
-       if (want_salt)
-       {
+       if (want_salt) {
                free (salt->salt);
                salt->salt = NULL;
        }
 
+       if( hashed_pw == NULL || hashed_pw[0] == '\0' ) {
+               free( hashed_pw );
+               return 1;
+       }
+
        buf = (char *)malloc (hashes[htype].namesz + 3 + strlen (hashed_pw));
        if (htype)
                sprintf (buf, "{%s}%s", hashes[htype].name, hashed_pw);