From d1d301a1dd5d6cc3a9ed93ab7ab09dda4cb456e0 Mon Sep 17 00:00:00 2001
From: Damien Miller
Date: Wed, 10 Oct 2018 14:57:00 +1100
Subject: [PATCH 064/294] in pick_salt() avoid dereference of NULL passwords

Apparently some NIS implementations can leave pw->pw_passwd (or the shadow equivalent) NULL. bz#2909; based on patch from Todd Eigenschink
---
 openbsd-compat/xcrypt.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c
index c9c6283..360b187 100644
--- a/openbsd-compat/xcrypt.c
+++ b/openbsd-compat/xcrypt.c
@@ -82,7 +82,8 @@ pick_salt(void)
 strlcpy(salt, "xx", sizeof(salt));
 setpwent();
 while ((pw = getpwent()) != NULL) {
- passwd = shadow_pw(pw);
+ if ((passwd = shadow_pw(pw)) == NULL)
+ continue;
 if (passwd[0] == '$' && (p = strrchr(passwd+1, '$')) != NULL) {
 typelen = p - passwd + 1;
 strlcpy(salt, passwd, MIN(typelen, sizeof(salt)));
-- 
1.8.3.1
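Review bot: The new NULL guard inside the `while ((pw = getpwent()) != NULL)` loop has no comment explaining why `shadow_pw()` can return NULL, so the reason lives only in the commit message. A one-line comment above the check, e.g. `/* some NIS setups leave pw_passwd (or the shadow entry) NULL; skip them (bz#2909) */`, would keep a later cleanup from folding the check away. The guard covers only this call site, and a NULL from the same source would presumably reach any other user of `shadow_pw()`; those callers are not visible in this diff, so it is worth confirming they check before dereferencing. pick_salt()'s body starts and ends outside the hunk.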