1 diff -urN Linux-PAM-0.99.7.1.orig/modules/pam_unix/support.c Linux-PAM-0.99.7.1/modules/pam_unix/support.c
2 --- Linux-PAM-0.99.7.1.orig/modules/pam_unix/support.c 2007-01-23 10:41:21.000000000 +0100
3 +++ Linux-PAM-0.99.7.1/modules/pam_unix/support.c 2007-02-04 20:00:16.992352631 +0100
6 if (!strncmp(salt, "$1$", 3)) {
7 pp = Goodcrypt_md5(p, salt);
8 - if (strcmp(pp, salt) != 0) {
9 + if (pp && strcmp(pp, salt) != 0) {
11 pp = Brokencrypt_md5(p, salt);
13 } else if (*salt != '$' && salt_len >= 13) {
14 pp = bigcrypt(p, salt);
15 - if (strlen(pp) > salt_len) {
16 + if (pp && strlen(pp) > salt_len) {
21 /* the moment of truth -- do we agree with the password? */
22 D(("comparing state of pp[%s] and salt[%s]", pp, salt));
24 - if (strcmp(pp, salt) == 0) {
25 + if (pp && strcmp(pp, salt) == 0) {
28 retval = PAM_AUTH_ERR;
29 diff -urN Linux-PAM-0.99.7.1.orig/modules/pam_unix/unix_chkpwd.c Linux-PAM-0.99.7.1/modules/pam_unix/unix_chkpwd.c
30 --- Linux-PAM-0.99.7.1.orig/modules/pam_unix/unix_chkpwd.c 2006-10-24 12:01:49.000000000 +0200
31 +++ Linux-PAM-0.99.7.1/modules/pam_unix/unix_chkpwd.c 2007-02-04 19:53:39.269687706 +0100
33 retval = PAM_AUTH_ERR;
34 if (!strncmp(salt, "$1$", 3)) {
35 pp = Goodcrypt_md5(p, salt);
36 - if (strcmp(pp, salt) == 0) {
37 + if (pp && strcmp(pp, salt) == 0) {
40 pp = Brokencrypt_md5(p, salt);
41 - if (strcmp(pp, salt) == 0)
42 + if (pp && strcmp(pp, salt) == 0)
45 } else if (*salt == '$') {
47 * Ok, we don't know the crypt algorithm, but maybe
48 * libcrypt nows about it? We should try it.
50 pp = x_strdup (crypt(p, salt));
51 - if (strcmp(pp, salt) == 0) {
52 + if (pp && strcmp(pp, salt) == 0) {
55 } else if ((*salt == '*') || (salt_len < 13)) {
57 * stored string with the subset of bigcrypt's result.
58 * Bug 521314: the strncmp comparison is for legacy support.
60 - if (strncmp(pp, salt, salt_len) == 0) {
61 + if (pp && strncmp(pp, salt, salt_len) == 0) {