On Mon, 30 Aug 1999, Prince Ctrl wrote:
> Aleph,
>
> After confirming with our Sr. Systems Admin, RedHat was contacted and
> they confirmed that it was indeed a bug within 'passwd'. You can
> download the new version of passwd and it will fix this problem.
>
> http://people.redhat.com/~smooge/passwd-0.60-1.i386.rpm
The link above is a redirect to www.redhat.com. Since there was no patch
posted, here it comes, attached.
Cheers,
Misa
--- pwdb.c.orig Mon Aug 23 20:07:39 1999
+++ pwdb.c Mon Aug 23 20:28:59 1999
@@ -69,7 +69,7 @@
const struct pwdb *_pwdb = NULL;
const struct pwdb_entry *_pwe = NULL;
char *new_pass, *t;
- int retval, flags;
+ int retval, flags, new_len;
retval = pwdb_start();
if (retval != PWDB_SUCCESS)
@@ -84,7 +84,7 @@
return -1;
}
- new_pass = alloca(_pwe->length+1);
+ new_pass = alloca(_pwe->length+3);
t = (char *)_pwe->value;
if (*t == '!') {
/* already locked... */
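Review bot: `alloca(_pwe->length+3)` sizes a stack allocation from the entry's stored length, and nothing visible in this hunk bounds that value before the call. alloca has no failure return, so an oversized or negative length (the field's type is not shown here) can overrun the stack instead of producing an error; whether pwdb already limits the length cannot be told from this patch. A range check before the allocation would make the bound explicit, e.g. `if (_pwe->length < 0 || _pwe->length > MAX_ENTRY_LEN)` taking the function's error exit, where `MAX_ENTRY_LEN` is a placeholder for a limit the project chooses. A heap allocation with a checked result would do the same job. The function body starts and ends outside the hunk.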
@@ -94,12 +94,13 @@
* Avoid creating single char '!' crypted passwords that could
* be interpreted as shadow or some other crap
*/
+ new_len = _pwe->length + 2;
if (_pwe->length < 3) {
- snprintf(new_pass, _pwe->length+5, "!!%s", t);
+ snprintf(new_pass, new_len++, "!!%s", t);
} else {
- snprintf(new_pass, _pwe->length+5, "!%s", t);
+ snprintf(new_pass, new_len, "!%s", t);
}
- retval = pwdb_set_entry(_pwdb, "passwd", new_pass, strlen(new_pass)+1,
+ retval = pwdb_set_entry(_pwdb, "passwd", new_pass, new_len,
NULL, NULL, 0);
CHECK_ERROR(retval);
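Review bot: In the `!!` branch, `snprintf(new_pass, new_len++, "!!%s", t)` passes the un-incremented value as the bound, so snprintf is limited to `_pwe->length + 2` bytes while pwdb_set_entry is then told `_pwe->length + 3`. Either way pwdb_set_entry is handed one byte more than snprintf wrote (inside the alloca buffer, but uninitialised). If `_pwe->length` does not count the terminating NUL, which the arithmetic of the `!` branch suggests, the stored value also loses its last character. Computing the size once keeps bound, buffer and stored length in agreement: `new_len = _pwe->length + (_pwe->length < 3 ? 3 : 2);` followed by a plain `snprintf(new_pass, new_len, ...)` in each branch. A one-line comment saying whether `length` includes the NUL, and a check of snprintf's return value against `new_len`, would make truncation visible instead of silent.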
@@ -174,7 +175,7 @@
_pwe->length--;
}
retval = pwdb_set_entry(_pwdb, "passwd", t,
- _pwe->length-1, NULL, NULL, 0);
+ _pwe->length, NULL, NULL, 0);
CHECK_ERROR(retval);
retval = pwdb_entry_delete(&_pwe);
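Review bot: Nothing in this hunk stops the unlock path from storing an empty password: once `_pwe->length` has been decremented for the stripped prefix, `t` is passed straight to pwdb_set_entry. The lock path gives entries shorter than three characters a `!!` prefix, so an account locked with an empty or near-empty field would get that field back on unlock, possibly leaving it with no password at all. A guard may exist outside the hunk, since the function starts and ends beyond it. If there is none, a check such as `if (*t == '\0')` that takes the function's error exit before the pwdb_set_entry call would cover the case.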