$OpenBSD: patch-etc_uams_uams_dhx2_passwd_c,v 1.1 2016/07/05 14:32:12 sthen Exp $
--- etc/uams/uams_dhx2_passwd.c.orig	Thu Dec 11 12:27:44 2014
+++ etc/uams/uams_dhx2_passwd.c	Tue Jul  5 15:27:04 2016
@@ -545,12 +545,20 @@ static int logincont2(void *obj _U_, struct passwd **u
     /* ---- Start authentication --- */
     ret = AFPERR_NOTAUTH;
 
+    if ((dhxpwd = getpwnam_shadow(dhxpwd->pw_name)) == NULL) {
+        LOG(log_info, logtype_uams,
+          "could not get shadow passwd for %s", dhxpwd->pw_name);
+        ret = AFPERR_NOTAUTH;
+        goto exit;
+    }
+
     p = crypt( ibuf, dhxpwd->pw_passwd );
     memset(ibuf, 0, 255);
-    if ( strcmp( p, dhxpwd->pw_passwd ) == 0 ) {
+    if ( (p != NULL) && (strcmp( p, dhxpwd->pw_passwd ) == 0) ) {
         *uam_pwd = dhxpwd;
         ret = AFP_OK;
     }
+    memset(dhxpwd->pw_passwd, 0, strlen(dhxpwd->pw_passwd));
 
 #ifdef SHADOWPW
     if (( sp = getspnam( dhxpwd->pw_name )) == NULL ) {
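Review bot: The failure branch of the added `getpwnam_shadow()` check reads through a NULL pointer, because `dhxpwd` has already been overwritten with the NULL result when `LOG(...)` evaluates `dhxpwd->pw_name`. A lookup failure can therefore crash the authentication process instead of returning AFPERR_NOTAUTH. Hold the result in a temporary, `struct passwd *spw = getpwnam_shadow(dhxpwd->pw_name);`, test `if (spw == NULL) {` while the log still reads the original `dhxpwd->pw_name`, and assign `dhxpwd = spw;` only after the check. The same early `goto exit` also skips `memset(ibuf, 0, 255);`, so unless the code at `exit:` clears it, the cleartext password stays in `ibuf` on that path; clearing it before the jump would close that. The body of logincont2 and the `exit:` label are outside this hunk, so the declaration site for the temporary and the cleanup there need checking.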
