From 1ea677a6251194950bf0d82901fc87e1be5e6a38 Mon Sep 17 00:00:00 2001
From: Amos Jeffries <squid3@treenet.co.nz>
Date: Wed, 18 Feb 2015 18:50:51 -0800
Subject: [PATCH] basic_nis_auth: fail authentication on crypt() failures

... instead of crashing the helper.

"
Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL (w/
NULL return) if the salt violates specifications. Additionally, on
FIPS-140 enabled Linux systems, DES or MD5 encrypted passwords passed to
crypt() fail with EPERM (w/ NULL return).
"
---
 helpers/basic_auth/NIS/basic_nis_auth.cc | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/helpers/basic_auth/NIS/basic_nis_auth.cc b/helpers/basic_auth/NIS/basic_nis_auth.cc
index 658c52ee3d..968a99535e 100644
--- a/helpers/basic_auth/NIS/basic_nis_auth.cc
+++ b/helpers/basic_auth/NIS/basic_nis_auth.cc
@@ -73,20 +73,22 @@ main(int argc, char **argv)
         if (!nispasswd) {
             /* User does not exist */
             printf("ERR No such user\n");
+            continue;
+        }
+
 #if HAVE_CRYPT
-        } else if (strcmp(nispasswd, (char *) crypt(passwd, nispasswd)) == 0) {
+        char *crypted = NULL;
+        if ((crypted = crypt(passwd, nispasswd)) && strcmp(nispasswd, crypted) == 0) {
             /* All ok !, thanks... */
             printf("OK\n");
         } else {
             /* Password incorrect */
             printf("ERR Wrong password\n");
-#else
         }
-        else {
-            /* Password incorrect */
-            printf("BH message=\"Missing crypto capability\"\n");
+#else
+        /* Password incorrect */
+        printf("BH message=\"Missing crypto capability\"\n");
 #endif
-        }
     }
     exit(0);
 }
-- 
2.47.2