--- orig-getspwuid.c	Tue May  9 09:10:42 2000
+++ getspwuid.c	Thu May 10 08:16:59 2001
@@ -118,26 +118,26 @@
 
     return(pw_shell);
 }
 
 /*
- * Return the encrypted password for the user described by pw.  If shadow
- * passwords are in use, look in the shadow file.
+ * Return a copy of the encrypted password for the user described by pw.  If
+ * shadow passwords are in use, look in the shadow file.
  */
 char *
 sudo_getepw(pw)
     struct passwd *pw;
 {
 
     /* If there is a function to check for shadow enabled, use it... */
 #ifdef HAVE_ISCOMSEC
     if (!iscomsec())
-	return(pw->pw_passwd);
+	return(estrdup(pw->pw_passwd));
 #endif /* HAVE_ISCOMSEC */
 #ifdef HAVE_ISSECURE
     if (!issecure())
-	return(pw->pw_passwd);
+	return(estrdup(pw->pw_passwd));
 #endif /* HAVE_ISSECURE */
 
 #ifdef HAVE_GETPRPWNAM
     {
 	struct pr_passwd *spw;
@@ -145,49 +145,55 @@
 	spw = getprpwnam(pw->pw_name);
 	if (spw != NULL && spw->ufld.fd_encrypt != NULL) {
 # ifdef __alpha
 	    crypt_type = spw->ufld.fd_oldcrypt;
 # endif /* __alpha */
-	    return(spw->ufld.fd_encrypt);
+	    return(estrdup(spw->ufld.fd_encrypt));
 	}
     }
 #endif /* HAVE_GETPRPWNAM */
 #ifdef HAVE_GETSPNAM
     {
 	struct spwd *spw;
 
-	if ((spw = getspnam(pw->pw_name)) && spw->sp_pwdp)
-	    return(spw->sp_pwdp);
+	setspent();
+	spw = getspnam(pw->pw_name);
+	if (spw) {
+	    char *s = estrdup(spw->sp_pwdp);
+	    endspent();
+	    return (s);
+	}
+	endspent();
     }
 #endif /* HAVE_GETSPNAM */
 #ifdef HAVE_GETSPWUID
     {
 	struct s_passwd *spw;
 
 	if ((spw = getspwuid(pw->pw_uid)) && spw->pw_passwd)
-	    return(spw->pw_passwd);
+	    return(estrdup(spw->pw_passwd));
     }
 #endif /* HAVE_GETSPWUID */
 #ifdef HAVE_GETPWANAM
     {
 	struct passwd_adjunct *spw;
 
 	if ((spw = getpwanam(pw->pw_name)) && spw->pwa_passwd)
-	    return(spw->pwa_passwd);
+	    return(estrdup(spw->pwa_passwd));
     }
 #endif /* HAVE_GETPWANAM */
 #ifdef HAVE_GETAUTHUID
     {
 	AUTHORIZATION *spw;
 
 	if ((spw = getauthuid(pw->pw_uid)) && spw->a_password)
-	    return(spw->a_password);
+	    return(estrdup(spw->a_password));
     }
 #endif /* HAVE_GETAUTHUID */
 
     /* Fall back on normal password. */
-    return(pw->pw_passwd);
+    return(estrdup(pw->pw_passwd));
 }
 
 /*
  * Dynamically allocate space for a struct password and the constituent parts
  * that we care about.  Fills in pw_passwd from shadow file if necessary.
@@ -210,11 +216,11 @@
 
     /* pw_shell is a special case since we overide with $SHELL */
     local_pw->pw_shell = estrdup(sudo_getshell(pw));
 
     /* pw_passwd gets a shadow password if applicable */
-    local_pw->pw_passwd = estrdup(sudo_getepw(pw));
+    local_pw->pw_passwd = sudo_getepw(pw);
 
     return(local_pw);
 }
 
 /*