- login: don't truncate passwords before passing them into crypt(), in case

they're significant (#149476)
Nalin Dahyabhai 2005-12-02 01:46:50 +00:00
parent 4584045a70
commit f817e39736
2 changed files with 33 additions and 0 deletions


@ -0,0 +1,27 @@
The local crypt() may support hash types which use more than the first 8
characters. It also doesn't modify the input string, so we should just
stop truncating it.
--- krb5-1.2.7/src/appl/bsd/login.c 2005-11-15 16:20:34.000000000 -0500
+++ krb5-1.2.7/src/appl/bsd/login.c 2005-11-15 16:20:29.000000000 -0500
@@ -461,17 +461,14 @@
int unix_passwd_okay (pass)
char *pass;
{
- char user_pwcopy[9], *namep;
+ char *namep;
char *crypt ();
assert (pwd != 0);
- /* copy the first 8 chars of the password for unix crypt */
- strncpy(user_pwcopy, pass, sizeof(user_pwcopy));
- user_pwcopy[sizeof(user_pwcopy) - 1]='\0';
- namep = crypt(user_pwcopy, salt);
- memset (user_pwcopy, 0, sizeof(user_pwcopy));
- /* ... and wipe the copy now that we have the string */
+ namep = crypt(pass, salt);
+ if (strlen(namep) < 13)
+ return 0;
/* verify the local password string */
#ifdef HAVE_SHADOW
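Review bot: The added `strlen(namep)` check in unix_passwd_okay dereferences the result of `crypt(pass, salt)` without testing it for NULL. crypt() may return a null pointer on failure (for example when the salt names a hash type the local library does not support or is malformed), and in that case login would crash rather than reject the password. The guard should be `if (namep == NULL || strlen(namep) < 13) return 0;`. The length test is worth keeping, since it also rejects the short error strings some crypt() implementations return instead of NULL. The function continues past the end of this hunk, so the comparison that consumes `namep` is not visible here and should be checked to confirm it fails closed as well.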


@ -70,6 +70,7 @@ Patch35: krb5-1.4.1-fclose.patch
Patch36: krb5-1.3.3-rcp-markus.patch
Patch39: krb5-1.4.1-api.patch
Patch40: krb5-1.4.1-telnet-environ.patch
Patch41: krb5-1.2.7-login-lpass.patch
License: MIT, freely distributable.
URL: http://web.mit.edu/kerberos/www/
Group: System Environment/Libraries
@ -134,6 +135,10 @@ network uses Kerberos, this package should be installed on every
workstation.
%changelog
* Thu Dec 1 2005 Nalin Dahyabhai <nalin@redhat.com>
- login: don't truncate passwords before passing them into crypt(), in
case they're significant (#149476)
* Thu Nov 17 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4.3-1
- update to 1.4.3
- make ksu setuid again (#137934, others)
@ -880,6 +885,7 @@ workstation.
%patch36 -p1 -b .rcp-markus
%patch39 -p1 -b .api
%patch40 -p1 -b .telnet-environ
%patch41 -p1 -b .login-lpass
cp src/krb524/README README.krb524
find . -type f -name "*.info-dir" -exec rm -fv "{}" ";"
gzip doc/*.ps