Package: chntpw
Version: 0.99.6-2
Severity: grave

I tried to clear my Windows password with chntpw.

$ chntpw -u emasaka SAM

I chose "1 - Clear (blank) user password" and wrote the changes, but
the Windows password was not cleared.  Even the message "Password
cleared!" was not displayed.

In chntpw.c, menu item 1 is checked as follows:

   else if (pl == 1 && *newp == '1') {

pl and *newp are values from fmyinput().

debian/patches/09_improve_robustness looks like it adds a bug to
fmyinput().

The original fmyinput() truncates the input string, then calls
strlen().  But the Debian-patched version of fmyinput() calls
strlen(), then truncates the input string.  So the Debian version of
fmyinput() always returns the original fmyinput()'s value + 1.  As a
result, when I enter "1", pl (the return value of fmyinput(), i.e. the
value of strlen()) becomes 2.

The following is example code.

$ cat foo.c
#include <stdio.h>
#include <string.h>

int fmyinput(char *prmpt, char *ibuf, int maxlen)
{

#if PATCHED == 1
   int len;
#endif
   printf("%s",prmpt);

   fgets(ibuf,maxlen+1,stdin);
#if PATCHED == 1
   len = strlen(ibuf);
#endif

#if PATCHED == 1
   if (len)
       ibuf[len-1] = 0;
#else
   ibuf[strlen(ibuf)-1] = 0;
#endif

#if PATCHED == 1
   return len;
#else
   return(strlen(ibuf));
#endif
}

int main()
{
    int pl;
    char buff[10];
    pl = fmyinput("> ", buff, 4);
    printf("pl=%d\n", pl);
}
$ cc foo.c -o foo
$ ./foo
> 1
pl=1
$ cc foo.c -o foo -DPATCHED=1
$ ./foo
> 1
pl=2
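
A reader that keeps a guard against the empty string, as the patched version does, but measures the length after truncation so that the `pl == 1` menu check matches again. This is an added example, not part of the original report or of chntpw; the names `fmyinput_fixed` and `feed`, the stream parameter, and the choice to discard the tail of an over-long line are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Added example: fmyinput_fixed() and feed() are hypothetical, not chntpw code.
 * The stream is a parameter so the function can be tested without a terminal. */
int fmyinput_fixed(FILE *in, const char *prmpt, char *ibuf, int maxlen)
{
    size_t len;
    int c;

    printf("%s", prmpt);
    fflush(stdout);
    /* On EOF or error fgets() returns NULL; hand back an empty string. */
    if (fgets(ibuf, maxlen + 1, in) == NULL) {
        ibuf[0] = '\0';
        return 0;
    }
    /* Cut at the newline if there is one. strcspn() returns the full length
     * when there is none, so nothing is ever written before ibuf[0]. */
    len = strcspn(ibuf, "\n");
    if (ibuf[len] == '\n') {
        ibuf[len] = '\0';
    } else {
        /* Line longer than maxlen (or EOF without newline): discard the
         * rest so it does not become the answer to the next prompt. */
        while ((c = fgetc(in)) != EOF && c != '\n')
            ;
    }
    /* Length is measured after truncation, which is what the menu compares. */
    return (int)len;
}

/* Helper: run fmyinput_fixed() on a constructed input string. */
int feed(const char *input, char *ibuf, int maxlen)
{
    FILE *f = tmpfile();
    int n;
    if (f == NULL) return -1;
    fputs(input, f);
    rewind(f);
    n = fmyinput_fixed(f, "", ibuf, maxlen);
    fclose(f);
    return n;
}

int main(void)
{
    char buff[10];
    printf("pl=%d\n", fmyinput_fixed(stdin, "> ", buff, 4));
}
```

Unlike both versions in foo.c, this one does not chop the last character when the line had no newline, so an over-long line yields `maxlen` characters rather than `maxlen - 1`.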

