Re: RH 6.0 shadowed users and user lock bug fix

[misa () NECOMM RO (Mihai Ibanescu)]

On Mon, 30 Aug 1999, Prince Ctrl wrote:

> Aleph,
>
> After confirming with our Sr. Systems Admin, RedHat was contacted and
> they confirmed that it was indeed a bug within 'passwd'. You can
> download the new version of passwd and it will fix this problem.
>
> http://people.redhat.com/~smooge/passwd-0.60-1.i386.rpm

The link above is a redirect to www.redhat.com. Since there was no patch
posted, here it comes, attached.

Cheers,
Misa


--- pwdb.c.orig Mon Aug 23 20:07:39 1999
+++ pwdb.c      Mon Aug 23 20:28:59 1999
@@ -69,7 +69,7 @@
     const struct pwdb *_pwdb = NULL;
     const struct pwdb_entry *_pwe = NULL;
     char *new_pass, *t;
-    int retval, flags;
+    int retval, flags, new_len;
 
     retval = pwdb_start();
     if (retval != PWDB_SUCCESS)
@@ -84,7 +84,7 @@
         return -1;
     }
     
-    new_pass = alloca(_pwe->length+1);
+    new_pass = alloca(_pwe->length+3);
     t = (char *)_pwe->value;
     if (*t == '!') {
         /* already locked... */
@@ -94,12 +94,13 @@
      * Avoid creating single char '!' crypted passwords that could
      * be interpreted  as shadow or some other crap
      */
+    new_len = _pwe->length + 2;
     if (_pwe->length < 3) {
-       snprintf(new_pass, _pwe->length+5, "!!%s", t);
+       snprintf(new_pass, new_len++, "!!%s", t);
     } else {
-       snprintf(new_pass, _pwe->length+5, "!%s", t);
+       snprintf(new_pass, new_len, "!%s", t);
     }  
-    retval = pwdb_set_entry(_pwdb, "passwd", new_pass, strlen(new_pass)+1,
+    retval = pwdb_set_entry(_pwdb, "passwd", new_pass, new_len,
                             NULL, NULL, 0);
     CHECK_ERROR(retval);
 
@@ -174,7 +175,7 @@
         _pwe->length--;
     }
     retval = pwdb_set_entry(_pwdb, "passwd", t,
-                           _pwe->length-1, NULL, NULL, 0);
+                           _pwe->length, NULL, NULL, 0);
     CHECK_ERROR(retval);
 
     retval = pwdb_entry_delete(&_pwe);