in pick_salt() avoid dereference of NULL passwords
Apparently some NIS implementations can leave pw->pw_passwd (or the
shadow equivalent) NULL.
bz#2909; based on patch from Todd Eigenschink
diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c
index c9c6283..360b187 100644
--- a/openbsd-compat/xcrypt.c
+++ b/openbsd-compat/xcrypt.c
@@ -82,7 +82,8 @@
strlcpy(salt, "xx", sizeof(salt));
setpwent();
while ((pw = getpwent()) != NULL) {
- passwd = shadow_pw(pw);
+ if ((passwd = shadow_pw(pw)) == NULL)
+ continue;
if (passwd[0] == '$' && (p = strrchr(passwd+1, '$')) != NULL) {
typelen = p - passwd + 1;
strlcpy(salt, passwd, MIN(typelen, sizeof(salt)));