On Mon, 30 Aug 1999, Prince Ctrl wrote: > Aleph, > > After confirming with our Sr. Systems Admin, RedHat was contacted and > they confirmed that it was indeed a bug within 'passwd'. You can > download the new version of passwd and it will fix this problem. > > http://people.redhat.com/~smooge/passwd-0.60-1.i386.rpm The link above is a redirect to www.redhat.com. Since there was no patch posted, here it comes, attached. Cheers, Misa
--- pwdb.c.orig Mon Aug 23 20:07:39 1999
+++ pwdb.c Mon Aug 23 20:28:59 1999
@@ -69,7 +69,7 @@
 const struct pwdb *_pwdb = NULL;
 const struct pwdb_entry *_pwe = NULL;
 char *new_pass, *t;
- int retval, flags;
+ int retval, flags, new_len;
 retval = pwdb_start();
 if (retval != PWDB_SUCCESS)
@@ -84,7 +84,7 @@
 return -1;
 }
- new_pass = alloca(_pwe->length+1);
+ new_pass = alloca(_pwe->length+3);
 t = (char *)_pwe->value;
 if (*t == '!') {
 /* already locked... */
@@ -94,12 +94,13 @@
 * Avoid creating single char '!' crypted passwords that could
 * be interpreted as shadow or some other crap
 */
+ new_len = _pwe->length + 2;
 if (_pwe->length < 3) {
- snprintf(new_pass, _pwe->length+5, "!!%s", t);
+ snprintf(new_pass, new_len++, "!!%s", t);
 } else {
- snprintf(new_pass, _pwe->length+5, "!%s", t);
+ snprintf(new_pass, new_len, "!%s", t);
 }
- retval = pwdb_set_entry(_pwdb, "passwd", new_pass, strlen(new_pass)+1,
+ retval = pwdb_set_entry(_pwdb, "passwd", new_pass, new_len,
 NULL, NULL, 0);
 CHECK_ERROR(retval);
@@ -174,7 +175,7 @@
 _pwe->length--;
 }
 retval = pwdb_set_entry(_pwdb, "passwd", t,
- _pwe->length-1, NULL, NULL, 0);
+ _pwe->length, NULL, NULL, 0);
 CHECK_ERROR(retval);
 retval = pwdb_entry_delete(&_pwe);
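Review bot: In the hunk at -84,7, the `alloca(_pwe->length+3)` size is taken straight from the stored entry with no upper bound, and alloca() cannot report failure, so an oversized or corrupt `length` would run off the stack instead of producing an error. A range check on `_pwe->length` before the allocation, or malloc() with a NULL check, would turn that into a clean failure. The `+3` is also unexplained; a comment such as `/* two '!' lock markers plus the terminator */` would help, assuming that is what the slack is for. The enclosing function starts and ends outside this hunk.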
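Review bot: In the hunk at -94,12, the length handed to pwdb_set_entry() is no longer derived from what snprintf() actually wrote, and the `new_len++` in the argument list gives snprintf() the pre-increment value, so the `!!` branch is bounded by `length + 2` while the buffer is `length + 3`. If `_pwe->length` excludes the terminator (not visible here), the `!!` branch silently drops the last character. If it includes the terminator, the stored length appears to reach one byte past the NUL, into memory that was never written. Bounding snprintf() by the allocation size, checking its return, and storing the returned count plus one removes the dependence on that convention. `buf_len` below would be an `int` declared beside `new_len`, and the failure exit should match the function's other error paths, which lie outside the hunk.

```c
/* … unchanged: comment about single-char '!' crypted passwords … */
buf_len = _pwe->length + 3;	/* must equal the alloca() size above */
if (_pwe->length < 3) {
	new_len = snprintf(new_pass, buf_len, "!!%s", t);
} else {
	new_len = snprintf(new_pass, buf_len, "!%s", t);
}
if (new_len < 0 || new_len >= buf_len)
	return -1;	/* output error or truncation: do not store it */
retval = pwdb_set_entry(_pwdb, "passwd", new_pass, new_len + 1,
			NULL, NULL, 0);
/* … unchanged: CHECK_ERROR(retval) … */
```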
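Review bot: In the hunk at -174,7, passing `_pwe->length` is correct only under a particular meaning of that field, and nothing here documents whether it counts the trailing NUL. The locking hunk at -94,12 adds 2 to the length for a single `!`, while this path appears to subtract one per stripped marker (`_pwe->length--`), so a lock/unlock round trip may not return the original length. Once confirmed against the pwdb API, a comment on the call such as `/* length includes the terminator; already reduced once per '!' skipped above */` would make the argument checkable. The code that advances `t` and adjusts `length` starts outside this hunk.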