chpasswd: fix possible free() or non-allocated string. +8 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

loginutils/chpasswd.c

@@ -33,9 +33,8 @@ static const char chpasswd_longopts[] ALIGN1 =
 int chpasswd_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
 int chpasswd_main(int argc UNUSED_PARAM, char **argv)
 {
-	char *name, *pass;
-	char salt[sizeof("$N$XXXXXXXX")];
-	int opt, rc;
+	char *name;
+	int opt;
 
 	if (getuid() != 0)
 		bb_error_msg_and_die(bb_msg_perm_denied_are_you_root);
@@ -45,6 +44,10 @@ int chpasswd_main(int argc UNUSED_PARAM, char **argv)
 	opt = getopt32(argv, "em");
 
 	while ((name = xmalloc_fgetline(stdin)) != NULL) {
+		char *free_me;
+		char *pass;
+		int rc;
+
 		pass = strchr(name, ':');
 		if (!pass)
 			bb_error_msg_and_die("missing new password");
@@ -52,7 +55,10 @@ int chpasswd_main(int argc UNUSED_PARAM, char **argv)
 
 		xuname2uid(name); /* dies if there is no such user */
 
+		free_me = NULL;
 		if (!(opt & OPT_ENC)) {
+			char salt[sizeof("$N$XXXXXXXX")];
+
 			crypt_make_salt(salt, 1);
 			if (opt & OPT_MD5) {
 				salt[0] = '$';
@@ -60,7 +66,7 @@ int chpasswd_main(int argc UNUSED_PARAM, char **argv)
 				salt[2] = '$';
 				crypt_make_salt(salt + 3, 4);
 			}
-			pass = pw_encrypt(pass, salt, 0);
+			free_me = pass = pw_encrypt(pass, salt, 0);
 		}
 
 		/* This is rather complex: if user is not found in /etc/shadow,
@@ -81,8 +87,7 @@ int chpasswd_main(int argc UNUSED_PARAM, char **argv)
 			bb_info_msg("Password for '%s' changed", name);
 		logmode = LOGMODE_STDIO;
 		free(name);
-		if (!(opt & OPT_ENC))
-			free(pass);
+		free(free_me);
 	}
 	return EXIT_SUCCESS;
 }