Support passwords up to PAM_MAX_RESP_SIZE - 1 with --stdin
parent
1ab8de0be5
commit
768238fbfd
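--- a/passwd-0.79-stdin-length.patch
+++ b/passwd-0.79-stdin-length.patch
@@ -0,0 +1,40 @@
+Support passwords up to PAM_MAX_RESP_SIZE - 1 with --stdin
+
+diff -r a3adceb0d42d -r 41908bb68e45 passwd.c
+--- a/passwd.c Sat May 23 06:52:54 2015 +0200
++++ b/passwd.c Mon Nov 02 19:20:24 2015 +0100
+@@ -479,17 +479,32 @@
+/* If we need to read the new password from stdin, read it and switch
+* to the really-quiet stdin conversation function. */
+if (passwd_flags & PASSWD_STDIN) {
+- char *ptr, newPassword[80];
++ /* PAM's documentation says that PAM_MAX_RESP_SIZE is the
++ * maximum supported length of the password, but in practice
++ * the code (including examples in the OSF RFC) often truncates
++ * data at PAM_MAX_RESP_SIZE - 1. So, refuse to use anything
++ * longer than PAM_MAX_RESP_SIZE - 1, to prevent users from
++ * setting a password they won't be able to use to log in. */
++ char *ptr, newPassword[PAM_MAX_RESP_SIZE];
+int i;
+
+i = read(STDIN_FILENO, newPassword,
+- sizeof(newPassword) - 1);
++ sizeof(newPassword));
+if (i < 0) {
+fprintf(stderr,
+_("%s: error reading from stdin: %s\n"), progname,
+strerror(errno));
+exit(1);
+}
++ if (i == sizeof(newPassword)) {
++ if (newPassword[i - 1] != '\n') {
++ fprintf(stderr,
++ _("%s: password too long, maximum is %zu"),
++ progname, sizeof(newPassword) - 1);
++ exit(1);
++ }
++ i--;
++ }
+
+newPassword[i] = '\0';
+ptr = strchr(newPassword, '\n');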
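Review bot: The new "password too long" message in the `i == sizeof(newPassword)` branch has no trailing newline, unlike the read-error message just above it, so the diagnostic runs into whatever is printed next; it should read `_("%s: password too long, maximum is %zu\n"),`. The length check also depends on a single `read()` returning the whole input: on a pipe a short read is possible, and a password that arrives in more than one write would then be accepted in truncated form without any error, so reading until a newline or EOF would make the limit check reliable. `newPassword` holds the cleartext password and the added `exit(1)` path leaves it on the stack; whether the buffer is wiped later cannot be seen here, because the `if (passwd_flags & PASSWD_STDIN)` block continues past the end of the hunk.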
@ -7,11 +7,13 @@
|
||||
Summary: An utility for setting or changing passwords using PAM
|
||||
Name: passwd
|
||||
Version: 0.79
|
||||
Release: 6%{?dist}
|
||||
Release: 7%{?dist}
|
||||
License: BSD or GPL+
|
||||
Group: System Environment/Base
|
||||
URL: http://fedorahosted.org/passwd
|
||||
Source: https://fedorahosted.org/releases/p/a/%{name}/%{name}-%{version}.tar.bz2
|
||||
# Upstream changeset 41908bb68e4590aa6a5434eb979b23a9f8828011
|
||||
Patch0: passwd-0.79-stdin-length.patch
|
||||
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
Requires: pam >= 1.0.90, /etc/pam.d/system-auth
|
||||
%if %{WITH_SELINUX}
|
||||
@ -32,6 +34,7 @@ Modules) library.
|
||||
|
||||
%prep
|
||||
%setup -q -n %{name}-%{version}
|
||||
%patch0 -p1 -b .stdin-length
|
||||
|
||||
%build
|
||||
%configure \
|
||||
@ -74,6 +77,10 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_mandir}/man1/passwd.1*
|
||||
|
||||
%changelog
|
||||
* Mon Nov 2 2015 Miloslav Trmač <mitr@redhat.com> - 0.79-7
|
||||
- Support passwords up to PAM_MAX_RESP_SIZE - 1 with --stdin
|
||||
Resolves: #1187105
|
||||
|
||||
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.79-6
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
||||
|
||||
|
||||