[Pkg-shadow-commits] r1349 - in upstream/trunk: . libmisc src
nekral-guest at alioth.debian.org
nekral-guest at alioth.debian.org
Fri Nov 16 19:02:00 UTC 2007
Author: nekral-guest
Date: 2007-11-16 19:02:00 +0000 (Fri, 16 Nov 2007)
New Revision: 1349
Modified:
upstream/trunk/ChangeLog
upstream/trunk/NEWS
upstream/trunk/libmisc/salt.c
upstream/trunk/src/chgpasswd.c
upstream/trunk/src/chpasswd.c
Log:
* libmisc/salt.c: Make sure the salt string is terminated at the
right place (either 8th, or 11th position).
* NEWS, src/chgpasswd.c, src/chpasswd.c: The protocol + salt does
not need 15 chars. No need for a temporary buffer.
This changes the fix committed on 2007-11-10. The salt provided to
pw_encrypt could have been too long.
Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog 2007-11-16 14:10:29 UTC (rev 1348)
+++ upstream/trunk/ChangeLog 2007-11-16 19:02:00 UTC (rev 1349)
@@ -1,3 +1,12 @@
+2007-11-10 Nicolas François <nicolas.francois at centraliens.net>
+
+ * libmisc/salt.c: Make sure the salt string is terminated at the
+ right place (either 8th, or 11th position).
+ * NEWS, src/chgpasswd.c, src/chpasswd.c: The protocol + salt does
+ not need 15 chars. No need for a temporary buffer.
+ This change the fix committed on 2007-11-10. The salt provided to
+ pw_encrypt could have been too long.
+
2007-11-16 Nicolas François <nicolas.francois at centraliens.net>
* man/fr/fr.po: Fix typo: missing / in <placeholder-1/>. This
Modified: upstream/trunk/NEWS
===================================================================
--- upstream/trunk/NEWS 2007-11-16 14:10:29 UTC (rev 1348)
+++ upstream/trunk/NEWS 2007-11-16 19:02:00 UTC (rev 1349)
@@ -7,7 +7,8 @@
useradd's -g option. Applied Debian patch 397_non_numerical_identifier.
Thanks also to Greg Schafer <gschafer at zip.com.au>.
- chgpasswd, chpasswd: Fix chpasswd and chgpasswd stack overflow. Based on
- Fedora's shadow-4.0.18.1-overflow.patch.
+ the Fedora's shadow-4.0.18.1-overflow.patch and Debian's
+ 495_salt_stack_smash patches.
- newgrp: Don't ask for a password if there are no group passwords. Just
directly give up.
- The permissions of the suid binaries is now configurable in
Modified: upstream/trunk/libmisc/salt.c
===================================================================
--- upstream/trunk/libmisc/salt.c 2007-11-16 14:10:29 UTC (rev 1348)
+++ upstream/trunk/libmisc/salt.c 2007-11-16 19:02:00 UTC (rev 1349)
@@ -62,11 +62,13 @@
{
struct timeval tv;
static char result[40];
+ int max_salt_len = 8;
result[0] = '\0';
#ifndef USE_PAM
if (getdef_bool ("MD5_CRYPT_ENAB")) {
strcpy (result, "$1$"); /* magic for the new MD5 crypt() */
+ max_salt_len += 3;
}
#endif
@@ -77,8 +79,8 @@
strcat (result, l64a (tv.tv_usec));
strcat (result, l64a (tv.tv_sec + getpid () + clock ()));
- if (strlen (result) > 3 + 8) /* magic+salt */
- result[11] = '\0';
+ if (strlen (result) > max_salt_len) /* magic+salt */
+ result[max_salt_len] = '\0';
return result;
}
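Review bot: The new comparison `strlen (result) > max_salt_len` mixes a size_t with the `int` declared in the previous hunk, which compilers flag under sign-compare warnings. Declaring the limit as `size_t max_salt_len = 8; /* salt chars kept; +3 when the "$1$" magic is prepended */` removes the mixed comparison and records where 8 and 3 come from. The retained `/* magic+salt */` comment is only accurate on the MD5 path now, so it could become `/* optional magic + salt */`. The function's signature lies outside both hunks, so this is based only on the visible body.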
Modified: upstream/trunk/src/chgpasswd.c
===================================================================
--- upstream/trunk/src/chgpasswd.c 2007-11-16 14:10:29 UTC (rev 1348)
+++ upstream/trunk/src/chgpasswd.c 2007-11-16 19:02:00 UTC (rev 1349)
@@ -243,14 +243,15 @@
newpwd = cp;
if (!eflg) {
if (md5flg) {
- char tmp[12];
- char salt[15] = "";
+ char md5salt[12] = "$1$";
+ char *salt = crypt_make_salt ();
- strcat (tmp, crypt_make_salt ());
- if (!strncmp (tmp, "$1$", 3))
- strcat (salt, "$1$");
- strcat (salt, tmp);
- cp = pw_encrypt (newpwd, salt);
+ if (strncmp (salt, "$1$", 3) == 0) {
+ strncpy (md5salt, salt, 11);
+ } else {
+ strncat (md5salt, salt, 8);
+ }
+ cp = pw_encrypt (newpwd, md5salt);
} else
cp = pw_encrypt (newpwd, crypt_make_salt ());
}
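Review bot: After `strncpy (md5salt, salt, 11)` the buffer is NUL-terminated only because the `= "$1$"` initializer zero-filled byte 11, and nothing in the code records that dependency. The literals 12, 11 and 8 also repeat the lengths that libmisc/salt.c now enforces, so a later change to either side can silently break the bound. I would add `/* "$1$" + 8 salt chars + NUL; byte 11 stays '\0' from the initializer */` above the declaration and make the terminator explicit with `md5salt[sizeof md5salt - 1] = '\0';` before the pw_encrypt call. The same applies to the matching hunk in src/chpasswd.c. The enclosing loop body starts and ends outside this hunk.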
Modified: upstream/trunk/src/chpasswd.c
===================================================================
--- upstream/trunk/src/chpasswd.c 2007-11-16 14:10:29 UTC (rev 1348)
+++ upstream/trunk/src/chpasswd.c 2007-11-16 19:02:00 UTC (rev 1349)
@@ -239,13 +239,14 @@
newpwd = cp;
if (!eflg) {
if (md5flg) {
- char tmp[12];
- char salt[15] = "";
+ char md5salt[12] = "$1$";
+ char *salt = crypt_make_salt ();
- strcat (tmp, crypt_make_salt ());
- if (!strncmp (tmp, "$1$", 3))
- strcat (salt, "$1$");
- strcat (salt, tmp);
+ if (strncmp (salt, "$1$", 3) == 0) {
+ strncpy (md5salt, salt, 11);
+ } else {
+ strncat (md5salt, salt, 8);
+ }
cp = pw_encrypt (newpwd, salt);
} else
cp = pw_encrypt (newpwd, crypt_make_salt ());
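Review bot: The unchanged call `cp = pw_encrypt (newpwd, salt);` after the new if/else still passes `salt`, which this hunk turns into the pointer returned by crypt_make_salt(), so the `md5salt` buffer built just above is never used. When crypt_make_salt() returns a salt without the `$1$` prefix, the md5flg path would presumably hand pw_encrypt a non-MD5 salt and store a weaker hash than the option requests. The chgpasswd.c hunk passes `md5salt` here. The call should read `cp = pw_encrypt (newpwd, md5salt);`. The enclosing block continues past the end of the hunk.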