Blame krb5-1.6.3-login-lpass.patch
|
 |
f817e39 |
The local crypt() may support hash types which use more than the first 8
|
|
|
f817e39 |
characters. It also doesn't modify the input string, so we should just
|
|
|
a3fdad4 |
stop truncating it. Are there platforms where the input string *is* modified?
|
|
|
a3fdad4 |
|
|
|
f817e39 |
--- krb5-1.2.7/src/appl/bsd/login.c 2005-11-15 16:20:34.000000000 -0500
|
|
|
f817e39 |
+++ krb5-1.2.7/src/appl/bsd/login.c 2005-11-15 16:20:29.000000000 -0500
|
|
|
f817e39 |
@@ -461,17 +461,14 @@
|
|
|
d40ea45 |
static int unix_passwd_okay (pass)
|
|
|
f817e39 |
char *pass;
|
|
|
f817e39 |
{
|
|
|
f817e39 |
- char user_pwcopy[9], *namep;
|
|
|
f817e39 |
+ char *namep;
|
|
|
f817e39 |
char *crypt ();
|
|
|
f817e39 |
|
|
|
f817e39 |
assert (pwd != 0);
|
|
|
f817e39 |
|
|
|
f817e39 |
- /* copy the first 8 chars of the password for unix crypt */
|
|
|
f817e39 |
- strncpy(user_pwcopy, pass, sizeof(user_pwcopy));
|
|
|
f817e39 |
- user_pwcopy[sizeof(user_pwcopy) - 1]='\0';
|
|
|
f817e39 |
- namep = crypt(user_pwcopy, salt);
|
|
|
f817e39 |
- memset (user_pwcopy, 0, sizeof(user_pwcopy));
|
|
|
f817e39 |
- /* ... and wipe the copy now that we have the string */
|
|
|
f817e39 |
+ namep = crypt(pass, salt);
|
|
|
f817e39 |
+ if (strlen(namep) < 13)
|
|
|
f817e39 |
+ return 0;
|
|
|
f817e39 |
|
|
|
f817e39 |
/* verify the local password string */
|
|
|
f817e39 |
#ifdef HAVE_SHADOW
|