1 files changed, 53 insertions, 0 deletions

diff --git a/package/utils/busybox/patches/520-loginutils-handle-crypt-failures.patch b/package/utils/busybox/patches/520-loginutils-handle-crypt-failures.patch
new file mode 100644
index 0000000000..d44375426f
--- /dev/null
+++ b/package/utils/busybox/patches/520-loginutils-handle-crypt-failures.patch
@@ -0,0 +1,53 @@
+--- a/loginutils/chpasswd.c
++++ b/loginutils/chpasswd.c
+@@ -97,6 +97,11 @@ int chpasswd_main(int argc UNUSED_PARAM,
+ 
+ 			crypt_make_pw_salt(salt, algo);
+ 			free_me = pass = pw_encrypt(pass, salt, 0);
++
++			if (pass[0] == 0) {
++				free(free_me);
++				bb_perror_msg_and_die("password encryption failed");
++			}
+ 		}
+ 
+ 		/* This is rather complex: if user is not found in /etc/shadow,
+--- a/loginutils/cryptpw.c
++++ b/loginutils/cryptpw.c
+@@ -95,7 +95,7 @@ int cryptpw_main(int argc UNUSED_PARAM,
+ 	/* Supports: cryptpw -m sha256 PASS 'rounds=999999999$SALT' */
+ 	char salt[MAX_PW_SALT_LEN + sizeof("rounds=999999999$")];
+ 	char *salt_ptr;
+-	char *password;
++	char *password, *hash;
+ 	const char *opt_m, *opt_S;
+ 	int fd;
+ 
+@@ -140,8 +140,12 @@ int cryptpw_main(int argc UNUSED_PARAM,
+ 		/* may still be NULL on EOF/error */
+ 	}
+ 
+-	if (password)
+-		puts(pw_encrypt(password, salt, 1));
++	if (password) {
++		hash = pw_encrypt(password, salt, 1);
++		if (hash[0] == 0)
++			bb_perror_msg_and_die("password encryption failed");
++		puts(hash);
++	}
+ 
+ 	return EXIT_SUCCESS;
+ }
+--- a/loginutils/passwd.c
++++ b/loginutils/passwd.c
+@@ -187,6 +187,10 @@ int passwd_main(int argc UNUSED_PARAM, c
+ 		if (!newp) {
+ 			logmode = LOGMODE_STDIO;
+ 			bb_error_msg_and_die("password for %s is unchanged", name);
++		} else if (newp[0] == 0) {
++			logmode = LOGMODE_STDIO;
++			free(newp);
++			bb_perror_msg_and_die("password encryption failed");
+ 		}
+ 	} else if (opt & OPT_lock) {
+ 		if (!c)