From 9cdd7270f989ceebaf9259079663e3b9c42e8c37 Mon Sep 17 00:00:00 2001
From: Aaron Jones
Date: Tue, 20 Dec 2016 03:54:08 +0000
Subject: [PATCH] mkpasswd: avoid strdup(NULL) and the like if rb_crypt() fails
---
 tools/mkpasswd.c | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)
diff --git a/tools/mkpasswd.c b/tools/mkpasswd.c
index 4f80b970..122bfab7 100644
--- a/tools/mkpasswd.c
+++ b/tools/mkpasswd.c
@@ -98,7 +98,7 @@ main(int argc, char *argv[])
 int c;
 char *saltpara = NULL;
 char *salt;
- char *hashed;
+ char *hashed, *hashed2;
 int flag = 0;
 int length = 0; /* Not Set */
 int rounds = 0; /* Not set, since extended DES needs 25 and blowfish needs
@@ -249,10 +249,24 @@ main(int argc, char *argv[])
 }
 else
 {
- hashed = strdup(rb_crypt(getpass("plaintext: "), salt));
- plaintext = getpass("again: ");
+ plaintext = getpass("plaintext: ");
+ hashed = rb_crypt(plaintext, salt);
+ if (!hashed)
+ {
+ fprintf(stderr, "rb_crypt() failed\n");
+ return 1;
+ }
+ hashed = strdup(hashed);
 
- if (strcmp(rb_crypt(plaintext, salt), hashed) != 0)
+ plaintext = getpass("again: ");
+ hashed2 = rb_crypt(plaintext, salt);
+ if (!hashed2)
+ {
+ fprintf(stderr, "rb_crypt() failed\n");
+ return 1;
+ }
+
+ if (strcmp(hashed, hashed2) != 0)
 {
 fprintf(stderr, "Passwords do not match\n");
 return 1;