From 1bf254df986df2ead06c2739e7c47ac89e3f0537 Mon Sep 17 00:00:00 2001
From: Tomas Mraz
Date: Tue, 9 Feb 2016 11:54:02 +0100
Subject: [PATCH] usermod: properly return error during password manipulation
---
 shadow-4.2.1-usermod-unlock.patch | 32 +++++++++++++++++++++++++++----
 shadow-utils.spec | 5 ++++-
 2 files changed, 32 insertions(+), 5 deletions(-)
diff --git a/shadow-4.2.1-usermod-unlock.patch b/shadow-4.2.1-usermod-unlock.patch
index 85403cd..19feecb 100644
--- a/shadow-4.2.1-usermod-unlock.patch
+++ b/shadow-4.2.1-usermod-unlock.patch
@@ -1,7 +1,7 @@
 diff -up shadow-4.2.1/src/usermod.c.unlock shadow-4.2.1/src/usermod.c
---- shadow-4.2.1/src/usermod.c.unlock 2014-12-01 15:14:58.000000000 +0100
-+++ shadow-4.2.1/src/usermod.c 2015-08-27 14:31:50.899712180 +0200
-@@ -455,9 +455,12 @@ static char *new_pw_passwd (char *pw_pas
+--- shadow-4.2.1/src/usermod.c.unlock 2016-02-03 11:54:14.977664838 +0100
++++ shadow-4.2.1/src/usermod.c 2016-02-09 11:52:08.244957222 +0100
+@@ -455,14 +455,17 @@ static char *new_pw_passwd (char *pw_pas
 strcat (buf, pw_pass);
 pw_pass = buf;
 } else if (Uflg && pw_pass[0] == '!') {
@@ -16,6 +16,12 @@ diff -up shadow-4.2.1/src/usermod.c.unlock shadow-4.2.1/src/usermod.c
 fprintf (stderr,
 _("%s: unlocking the user's password would result in a passwordless account.\n"
 "You should set a password with usermod -p to unlock this user's password.\n"),
+ Prog);
+- return pw_pass;
++ return NULL;
+ }
+
+ #ifdef WITH_AUDIT
 @@ -471,12 +474,15 @@ static char *new_pw_passwd (char *pw_pas
 user_newname, (unsigned int) user_newid, 1);
 #endif
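Review bot: new_pw_passwd now returns NULL on the refused-unlock path in this hunk (and on the colon check in the following hunk), but nothing visible documents that contract, so a later caller that stores the result unchecked would end up with a NULL password field. I would add above the function a comment such as `/* Returns the new password field, or NULL after printing an error; callers must check for NULL. */`. The `return NULL;` also sits before the `#ifdef WITH_AUDIT` block, so this function itself emits no audit record for a refused unlock; whether fail_exit records the failure is not visible in this patch and is worth confirming for detection purposes. The body of new_pw_passwd starts and ends outside the hunk.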
@@ -31,9 +37,27 @@ diff -up shadow-4.2.1/src/usermod.c.unlock shadow-4.2.1/src/usermod.c
 + fprintf (stderr,
 + _("%s: The password field cannot contain a colon character.\n"),
 + Prog);
-+ return pw_pass;
++ return NULL;
 +
 + }
 #ifdef WITH_AUDIT
 audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
 "updating-password",
+@@ -525,6 +531,8 @@ static void new_pwent (struct passwd *pw
+ if ( (!is_shadow_pwd)
+ || (strcmp (pwent->pw_passwd, SHADOW_PASSWD_STRING) != 0)) {
+ pwent->pw_passwd = new_pw_passwd (pwent->pw_passwd);
++ if (pwent->pw_passwd == NULL)
++ fail_exit (E_PW_UPDATE);
+ }
+
+ if (uflg) {
+@@ -639,6 +647,8 @@ static void new_spent (struct spwd *spen
+ * + aging has been requested
+ */
+ spent->sp_pwdp = new_pw_passwd (spent->sp_pwdp);
++ if (spent->sp_pwdp == NULL)
++ fail_exit(E_PW_UPDATE);
+
+ if (pflg) {
+ spent->sp_lstchg = (long) time ((time_t *) 0) / SCALE;
diff --git a/shadow-utils.spec b/shadow-utils.spec
index 404d754..786443e 100644
--- a/shadow-utils.spec
+++ b/shadow-utils.spec
@@ -1,7 +1,7 @@
 Summary: Utilities for managing accounts and shadow password files
 Name: shadow-utils
 Version: 4.2.1
-Release: 6%{?dist}
+Release: 7%{?dist}
 Epoch: 2
 URL: http://pkg-shadow.alioth.debian.org/
 Source0: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.xz
@@ -254,6 +254,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man8/vigr.8*
 %changelog
+* Tue Feb 9 2016 Tomáš Mráz - 2:4.2.1-7
+- usermod: properly return error during password manipulation
+
 * Wed Feb 3 2016 Tomáš Mráz - 2:4.2.1-6
 - add possibility to clear or set lastlog record for user via lastlog
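Review bot: In the new_pwent and new_spent hunks of the usermod.c patch, the result of new_pw_passwd is stored into the live entry (`pwent->pw_passwd`, `spent->sp_pwdp`) before it is tested, so the entry holds NULL until fail_exit runs. That is only safe if fail_exit never returns and never reads the entry; its definition is outside this patch, so that is assumed rather than shown. The two checks are also written differently (`fail_exit (E_PW_UPDATE);` versus `fail_exit(E_PW_UPDATE);`) and both bodies are unbraced; I would write each as `if (spent->sp_pwdp == NULL) { fail_exit (E_PW_UPDATE); }` to match the file's call spacing and keep a later added statement from escaping the condition. Both functions continue outside the hunks shown.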