Description of Problem:
passwd has --stdin option to take new password from stdin. The passwd code
doesn't seem to handle read errors from stdin:
passwd.c:L370
                char newPassword[80];
                int i;

                i = read(STDIN_FILENO, newPassword,
                         sizeof(newPassword) - 1);
                newPassword[i - 1] = '\0';
                conv.conv = stdin_conv;
                conv.appdata_ptr = strdup(newPassword);

If the read call returns -1 or 0 then the code writes \0 byte out of newPassword
array and copies "random" memory as new password. Fortunately the --stdin option
is restricted to root.


Version-Release number of selected component (if applicable):
Name        : passwd                       Relocations: (not relocateable)
Version     : 0.67                              Vendor: Red Hat, Inc.
Release     : 1                             Build Date: Thu Mar 14 03:44:31 2002

(I looked at the passwd code from RH 6.2 (passwd-0.64.1-1) and it appears to
have the same problem).

Expected result:
passwd should handle possible read error from stdin instead of setting the
password to "junk"