Comment 2 for bug 1187001

HappyCamper (arno-cs) wrote :

Hi all

I can reproduce the problem when I run saslauthd with authmech shadow:

    saslauthd -a shadow

and then try to authenticate users that have a crippled /etc/shadow entry. By crippled I mean ! or * as password entry, as for root, mail, nobody.

When I run the 2.1.25 stock source with debugging symbols in gdb with "-a shadow -n 1 -d -m /var/run/saslauthd/mux" as param, I get:

    Program received signal SIGSEGV, Segmentation fault.
    0xb7e6e6f1 in ?? () from /lib/i386-linux-gnu/libc.so.6
    (gdb) where
    #0 0xb7e6e6f1 in ?? () from /lib/i386-linux-gnu/libc.so.6
    #1 0xb7e6e326 in strdup () from /lib/i386-linux-gnu/libc.so.6
    #2 0x0804b910 in auth_shadow (login=0xbffff098 "root",
        password=0xbffff199 "dfsdf", service=0xbffff29a "ldap",
        realm=0xbffff39b "") at auth_shadow.c:188
    #3 0x0804ed3f in do_auth (_login=_login@entry=0xbffff098 "root",
        password=password@entry=0xbffff199 "dfsdf",
        service=service@entry=0xbffff29a "ldap", realm=realm@entry=0xbffff39b "")
        at saslauthd-main.c:410
    #4 0x0804dd17 in do_request (conn_fd=conn_fd@entry=9) at ipc_unix.c:426
    #5 0x0804e547 in ipc_loop () at ipc_unix.c:277
    #6 0x080499c1 in main (argc=8, argv=0xbffff5e4) at saslauthd-main.c:369

Offending line is:

      cpw = strdup((const char *)crypt(password, sp->sp_pwdp));

where crypt() returns NULL for the crippled shadow entries. Proposed patch:

    char *encpwd = crypt(password, sp->sp_pwdp);
    if (encpwd == NULL) {
        if (flags & VERBOSE) {
            syslog(LOG_DEBUG, "DEBUG: auth_shadow: crypt returned NULL");
        }
        RETURN("NO");
    }
    cpw = strdup((const char *)encpwd);
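
The failure mode reported above, as a self-contained added example (not part of the comment and not cyrus-sasl code): a shadow check that rejects `!`/`*` entries up front and never passes a failed crypt() result on to strcmp() or strdup(). Assumptions: `shadow_password_ok`, `fake_crypt` and `token_crypt` are hypothetical names; the crypt function is injected so the block runs without linking libcrypt; the `$t$` scheme is a constructed toy; and the `*`-prefixed failure string covers crypt() builds that return a short token instead of NULL on error.

```c
#include <stdio.h>
#include <string.h>

/* Same signature as crypt(3); injected so this runs without linking libcrypt. */
typedef char *(*crypt_fn)(const char *key, const char *setting);

/* Constructed stand-in: toy "$t$" scheme, NULL for any setting it cannot parse. */
char *fake_crypt(const char *key, const char *setting)
{
    static char out[128];
    if (strncmp(setting, "$t$", 3) != 0)
        return NULL;                          /* mirrors the NULL seen in the backtrace */
    snprintf(out, sizeof out, "$t$%s", key);  /* NOT a real hash */
    return out;
}

/* Constructed stand-in for builds that return a failure token instead of NULL. */
char *token_crypt(const char *key, const char *setting)
{
    static char tok[] = "*0";
    (void)key; (void)setting;
    return tok;
}

/* 1 = password matches the stored shadow field, 0 = reject. */
int shadow_password_ok(const char *password, const char *stored, crypt_fn do_crypt)
{
    if (password == NULL || stored == NULL)
        return 0;
    /* "!" / "*" entries cannot match any hash; an empty field is also
       rejected here (policy choice of this example). */
    if (stored[0] == '\0' || stored[0] == '!' || stored[0] == '*')
        return 0;
    char *enc = do_crypt(password, stored);
    if (enc == NULL || enc[0] == '*')  /* never hand a failed result to strcmp/strdup */
        return 0;
    return strcmp(enc, stored) == 0;
}

int main(void)
{
    printf("root with \"!\": %d\n", shadow_password_ok("dfsdf", "!", fake_crypt));
    printf("unparsable setting: %d\n", shadow_password_ok("dfsdf", "garbage", fake_crypt));
    printf("failure token: %d\n", shadow_password_ok("s3cret", "$t$s3cret", token_crypt));
    printf("valid login: %d\n", shadow_password_ok("s3cret", "$t$s3cret", fake_crypt));
    return 0;
}
```

In a real build, pass `crypt` from `<crypt.h>` as the third argument and link with `-lcrypt`.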