The lock_user function has: passwd1 = readpass (PROMPT, DISPLAY, PASS_LEN); /* read password */ passwd2 = (char *) crypt (passwd1, salt); free (passwd1); passwd1 = calloc (strlen (passwd2) + 1, sizeof (char)); strcpy (passwd1, passwd2); But crypt is not declared, which means that the return value of crypt is clipped to 32 bits, likely resulting in crashes on 64-bit architectures. Part of C99 porting. Upstream does not seem to have a bug tracker, so filing it here.
Created attachment 1937754 [details] tlock-c99.patch