ahill/shadow
1
0
Fork 0
mirror of https://github.com/shadow-maint/shadow.git synced 2026-01-26 14:03:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

src/passwd.c: check password length upper limit

Browse Source 
The passwd silently truncated the password length to PASS_MAX.
This patch introduces check that prints an error message
and exits the call.

Signed-off-by: Tomas Halman <tomas@halman.net>
Reviewed-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: f024002b3d66 ("src/passwd.c: inconsistent password length limit")
Cc: Serge Hallyn <serge@hallyn.com>
Link: <https://github.com/shadow-maint/shadow/pull/953>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
This commit is contained in:
Tomas Halman 2024-02-16 09:52:39 +01:00 committed by Alejandro Colomar
parent bed23cc34d
commit 9d5591fba9
No known key found for this signature in database
GPG Key ID: 9E8C1AFBBEFFDB32
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/passwd.c
View File

@ -195,6 +195,7 @@ static int new_password (const struct passwd *pw)
char orig[PASS_MAX + 1]; /* Original password */
char pass[PASS_MAX + 1]; /* New password */
int i; /* Counter for retries */
int ret;
bool warned;
int pass_max_len = -1;
const char *method;
@ -300,8 +301,14 @@ static int new_password (const struct passwd *pw)
if (warned && (strcmp (pass, cp) != 0)) {
warned = false;
}
STRFCPY (pass, cp);
ret = STRTCPY (pass, cp);
erase_pass (cp);
if (ret == -1) {
(void) fputs (_("Password is too long.\n"), stderr);
memzero (orig, sizeof orig);
memzero (pass, sizeof pass);
return -1;
}
if (!amroot && (!obscure (orig, pass, pw) || reuse (pass, pw))) {
(void) puts (_("Try again."));