$OpenBSD: patch-etc_uams_uams_passwd_c,v 1.1 2016/07/05 14:32:12 sthen Exp $
--- etc/uams/uams_passwd.c.orig	Thu Dec 11 12:27:44 2014
+++ etc/uams/uams_passwd.c	Thu Jun  9 17:34:40 2016
@@ -229,11 +229,19 @@ static int passwd_changepw(void *obj, char *username,
     pwd->pw_passwd = sp->sp_pwdp;
 #endif /* SHADOWPW */
 
+    if ((pwd = getpwnam_shadow(pwd->pw_name)) == NULL) {
+        LOG(log_info, logtype_uams,
+          "could not get shadow passwd for %s", pwd->pw_name);
+        ret = AFPERR_NOTAUTH;
+        goto exit;
+    }
+
     p = crypt(pw, pwd->pw_passwd );
-    if (strcmp( p, pwd->pw_passwd )) {
+    if ((p == NULL) || strcmp( p, pwd->pw_passwd ))) {
         memset(pw, 0, sizeof(pw));
         return AFPERR_NOTAUTH;
     }
+    memset(pwd->pw_passwd, 0, strlen(pwd->pw_passwd));
 
     /* new password */
     ibuf += PASSWDLEN;
@@ -329,6 +337,12 @@ static int passwd_printer(char	*start, char *stop, cha
     }
 
 #endif /* SHADOWPW */
+
+    if ((pwd = getpwnam_shadow(pwd->pw_name)) == NULL) {
+        LOG(log_info, logtype_uams,
+          "could not get shadow passwd for %s", pwd->pw_name);
+        return(-1);
+    }
 
     if (!pwd->pw_passwd) {
         LOG(log_info, logtype_uams, "Bad Login ClearTxtUAM: no password for %s",
