Package: gchangepass
Version: 0.1.5-1
Severity: normal

1) When the new password is a prefix of the current one, the program
reports an error, saying that the new and current passwords are the
same.

2) When you type a short string (<4) as the new password, it just exits
with no warning.

I know these are two bugs, but I've reported them together because the
patch for both is attached. Maybe you have a better solution, so this
patch can be just a suggestion. Anyway, it is being used in the
debian-br-cdd backport.
-- no debconf information
--- ui.c        2005-08-20 20:25:25.000000000 -0400
+++ ui.c.brcdd  2006-03-30 21:43:07.000000000 -0500
@@ -246,7 +246,6 @@
          gchangepass_query (NEW);
          break;
        }
-
       if (dtype == CURRENT)
        {
          secure_free (_userdata->current_password);
@@ -269,8 +268,17 @@
        {
          gint
            new_len = strlen (_userdata->new_password),
-           conf_len = strlen (t);
-
+           conf_len = strlen (t),
+           cur_len = 0, 
+           max_len;
+
+         if (getuid() != 0)
+            {
+             cur_len = strlen (_userdata->current_password);
+           }
+         
+            max_len = cur_len < new_len ? new_len : cur_len;
+         
          if (new_len != conf_len ||
              strncmp (_userdata->new_password, t, new_len))
            {
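Review bot: The added `cur_len = strlen (_userdata->current_password);` dereferences the pointer with no NULL check, yet the existing comparison later in the same block guards it with `_userdata->current_password &&`, which suggests it can be NULL. If a non-root user can reach this branch before the current password has been stored, the dialog crashes in the middle of a password change. Fold the guard into the condition: `if (getuid() != 0 && _userdata->current_password)`. The lengths are also kept in `gint` although `strlen` returns `size_t`. The enclosing block starts and ends outside the hunk, so whether the pointer is always set here cannot be confirmed from these lines.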
@@ -280,17 +288,26 @@
              gchangepass_query (NEW);
              break;
            }
+        
+          if (getuid() != 0 && new_len < 4)
+           {
+             gchangepass_dialog (GTK_MESSAGE_ERROR,
+                                 _("Bad: new password is too short"));
+              gchangepass_query (CURRENT);
+              break;
+             }
+
          if (_userdata->current_password &&
              !strncmp (_userdata->current_password, 
                        _userdata->new_password,
-                       new_len))
+                       max_len))
            {
              gchangepass_dialog (GTK_MESSAGE_ERROR,
                                  _("Old and new password are the same!"));
              gchangepass_query (CURRENT);
              break;
            }
-
+         
          switch (gchangepass_magic ())
            {
            case 0:
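Review bot: The minimum in `if (getuid() != 0 && new_len < 4)` is a bare literal and a very low bar; give it a name, for example `#define MIN_PASSWORD_LEN 4`. Add a comment such as `/* UI-side sanity check only; root is deliberately exempt */` so readers do not mistake it for the password policy. Where the policy is actually enforced is not visible in this hunk. Separately, `strncmp` bounded by `max_len` (the longer of the two lengths) behaves exactly like `strcmp` on these NUL-terminated strings, so `!strcmp (_userdata->current_password, _userdata->new_password)` expresses the fix without the extra `cur_len`/`max_len` bookkeeping. The enclosing block continues outside the hunk.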
