When trying to execute: echo user:pw | sudo chpasswd -m a segfault is generated. As far as I can tell it's the free(pass); (in line 85) that is the reason for it.
Can't reproduce. The free is correct: pw_encrypt() returns malloced string: if (!(opt & OPT_ENC)) { crypt_make_salt(salt, 1); if (opt & OPT_MD5) { salt[0] = '$'; salt[1] = '1'; salt[2] = '$'; crypt_make_salt(salt + 3, 4); } pass = pw_encrypt(pass, salt, 0); } ... if (!(opt & OPT_ENC)) free(pass);
This bug report is a consequence of a TinyCoreLinux user complaint: http://forum.tinycorelinux.net/index.php/topic,11318 To recreate you'd need to boot TC v3.8.3 (http://distro.ibiblio.org/tinycorelinux/3.x/archive/3.8.3/tinycore_3.8.3.iso), as the current version has a patch (http://distro.ibiblio.org/tinycorelinux/3.x/release/src/busybox-1.19.0_chpasswd.patch) applied. You will have to enter in a shell a command like: echo tc:pw | sudo chpasswd -m to see a 'Segmenation fault' after the 'Password for 'tc' changed' message. BTW, this is not my patch, I only helped to narrow down the issue. I used a pretty nasty approach to pick out a "culprit": I "sprinkled" a few 'printf()' statements into the code until I was sufficiently confident to be able to put some blame on a single statement. Just looking at the code I was not able to support my finding.
Ok, I found it. Here's the fix: http://git.busybox.net/busybox/commit/?id=d2fe2ba08dd84cd7e94d1ae3e2e9c12ca2b4d561