-+ (pwd = getpwnam(&pp[4])) != NULL) {
-+ if(pwd->pw_passwd && pwd->pw_passwd[0] == '!')
-+ continue;
-+ ppnew = malloc(5 + strlen(pwd->pw_passwd));
-+ ppnew[0] = ':';
-+ strcpy(ppnew + 1, pwd->pw_passwd);
-+ pp = ppnew;
-+ }
- if(pp && pp[1] == '$' && pp[2] == '1' &&
- pp[3] == '$' && pp[4]) {
- pp++;
-@@ -1482,6 +1492,10 @@
- /* unauthorized */
- continue;
++ (pwd = getpwnam(&pp[4])) != NULL) {
++ if(pwd->pw_passwd && pwd->pw_passwd[0] == '!') {
++ prev = NULL;
++ continue;
++ }
++ ppnew = xrealloc(ppnew, 5 + strlen(pwd->pw_passwd));
++ ppnew[0] = ':';
++ strcpy(ppnew + 1, pwd->pw_passwd);
++ pp = ppnew;
++ }
+ if (pp && pp[1] == '$' && pp[2] == '1'
+ && pp[3] == '$' && pp[4]
+ ) {
+@@ -1543,6 +1557,10 @@
+ /* unauthorized */
+ continue;
+ }
++ if (ppnew) {
++ free(ppnew);
++ ppnew = NULL;
++ }