From 3744d3fb132dde6fd21266e708db687d72d8f091 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Fri, 17 Jan 2014 14:04:16 -0800
Subject: [PATCH] s3: smbpasswd - fix crashes on invalid input.

get_pass can return NULL on error. Ensure that
this is always the case and fix all callers to cope
(some already did).

Reported by Joonas Kuorilehto <joneskoo@codenomicon.com>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10320

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Dec 16 15:17:58 CET 2013 on sn-devel-104

(cherry picked from commit ef5a3bedab74420baf0c653cf8e304fe6c2a13b4)
---
 source3/utils/net.c         |  5 +++++
 source3/utils/passwd_util.c | 14 +++++++++-----
 source3/utils/smbpasswd.c   | 14 ++++++++++++++
 3 files changed, 28 insertions(+), 5 deletions(-)

diff --git a/source3/utils/net.c b/source3/utils/net.c
index 3473641..1308d94 100644
--- a/source3/utils/net.c
+++ b/source3/utils/net.c
@@ -105,6 +105,11 @@ static int net_changesecretpw(struct net_context *c, int argc,
 		}
 
 		trust_pw = get_pass(_("Enter machine password: "), c->opt_stdin);
+		if (trust_pw == NULL) {
+			    d_fprintf(stderr,
+				      _("Error in reading machine password\n"));
+			    return 1;
+		}
 
 		if (!secrets_store_machine_password(trust_pw, lp_workgroup(), sec_channel_type)) {
 			    d_fprintf(stderr,
diff --git a/source3/utils/passwd_util.c b/source3/utils/passwd_util.c
index 5716c17..4884d63 100644
--- a/source3/utils/passwd_util.c
+++ b/source3/utils/passwd_util.c
@@ -42,11 +42,12 @@ char *stdin_new_passwd( void)
 	 * the newline that ends the password, then replace the newline with
 	 * a null terminator.
 	 */
-	if ( fgets(new_pw, sizeof(new_pw), stdin) != NULL) {
-		if ((len = strlen(new_pw)) > 0) {
-			if(new_pw[len-1] == '\n')
-				new_pw[len - 1] = 0;
-		}
+	if ( fgets(new_pw, sizeof(new_pw), stdin) == NULL) {
+		return NULL;
+	}
+	if ((len = strlen(new_pw)) > 0) {
+		if(new_pw[len-1] == '\n')
+			new_pw[len - 1] = 0;
 	}
 	return(new_pw);
 }
@@ -64,6 +65,9 @@ char *get_pass( const char *prompt, bool stdin_get)
 
 	if (stdin_get) {
 		p = stdin_new_passwd();
+		if (p == NULL) {
+			return NULL;
+		}
 	} else {
 		rc = samba_getpass(prompt, pwd, sizeof(pwd), false, false);
 		if (rc < 0) {
diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
index d93261e..67780ff 100644
--- a/source3/utils/smbpasswd.c
+++ b/source3/utils/smbpasswd.c
@@ -217,11 +217,17 @@ static char *prompt_for_new_password(bool stdin_get)
 	ZERO_ARRAY(new_pw);
 
 	p = get_pass("New SMB password:", stdin_get);
+	if (p == NULL) {
+		return NULL;
+	}
 
 	fstrcpy(new_pw, p);
 	SAFE_FREE(p);
 
 	p = get_pass("Retype new SMB password:", stdin_get);
+	if (p == NULL) {
+		return NULL;
+	}
 
 	if (strcmp(p, new_pw)) {
 		fprintf(stderr, "Mismatch - password unchanged.\n");
@@ -311,6 +317,10 @@ static int process_root(int local_flags)
 		printf("Setting stored password for \"%s\" in secrets.tdb\n", ldap_admin_dn);
 		if ( ! *ldap_secret ) {
 			new_passwd = prompt_for_new_password(stdin_passwd_get);
+			if (new_passwd == NULL) {
+				fprintf(stderr, "Failed to read new password!\n");
+				exit(1);
+			}
 			fstrcpy(ldap_secret, new_passwd);
 		}
 		if (!store_ldap_admin_pw(ldap_secret)) {
@@ -538,6 +548,10 @@ static int process_nonroot(int local_flags)
 
 	if (remote_machine != NULL) {
 		old_pw = get_pass("Old SMB password:",stdin_passwd_get);
+		if (old_pw == NULL) {
+			fprintf(stderr, "Unable to get old password.\n");
+			exit(1);
+		}
 	}
 
 	if (!new_passwd) {
-- 
1.8.5.2