Package: gchangepass Version: 0.1.5-1 Severity: normal
1) When the new passwd is a first part of the current, the program accuses a problem, saying that the new and current passwords are the same. 2) When you type a short string (<4) as new password it just exit with no warning. I know there are two bugs, but I've reported once because the patch for both is attached. Maybe you have a better solution, so, this patch can be just a suggestion. Anyway, it is being used in debian-br-cdd backport. -- no debconf information
--- ui.c 2005-08-20 20:25:25.000000000 -0400 +++ ui.c.brcdd 2006-03-30 21:43:07.000000000 -0500 @@ -246,7 +246,6 @@ gchangepass_query (NEW); break; } - if (dtype == CURRENT) { secure_free (_userdata->current_password); @@ -269,8 +268,17 @@ { gint new_len = strlen (_userdata->new_password), - conf_len = strlen (t); - + conf_len = strlen (t), + cur_len = 0, + max_len; + + if (getuid() != 0) + { + cur_len = strlen (_userdata->current_password); + } + + max_len = cur_len < new_len ? new_len : cur_len; + if (new_len != conf_len || strncmp (_userdata->new_password, t, new_len)) { @@ -280,17 +288,26 @@ gchangepass_query (NEW); break; } + + if (getuid() != 0 && new_len < 4) + { + gchangepass_dialog (GTK_MESSAGE_ERROR, + _("Bad: new password is too short")); + gchangepass_query (CURRENT); + break; + } + if (_userdata->current_password && !strncmp (_userdata->current_password, _userdata->new_password, - new_len)) + max_len)) { gchangepass_dialog (GTK_MESSAGE_ERROR, _("Old and new password are the same!")); gchangepass_query (CURRENT); break; } - + switch (gchangepass_magic ()) { case 0:
signature.asc
Description: Digital signature