[Pkg-shadow-commits] r1338 - in upstream/trunk: . src
nekral-guest at alioth.debian.org
nekral-guest at alioth.debian.org
Sat Nov 10 18:48:23 UTC 2007
Author: nekral-guest
Date: 2007-11-10 18:48:23 +0000 (Sat, 10 Nov 2007)
New Revision: 1338
Modified:
upstream/trunk/ChangeLog
upstream/trunk/NEWS
upstream/trunk/src/chgpasswd.c
upstream/trunk/src/chpasswd.c
Log:
Fix chpasswd and chgpasswd stack overflow. Based on Fedora's shadow-4.0.18.1-overflow.patch.
Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog 2007-11-10 15:52:09 UTC (rev 1337)
+++ upstream/trunk/ChangeLog 2007-11-10 18:48:23 UTC (rev 1338)
@@ -1,6 +1,12 @@
2007-11-10 Nicolas François <nicolas.francois at centraliens.net>
- * NEWS, src/useradd.c: allow non numerical group identifier to be
+ * NEWS, src/chgpasswd.c, src/chpasswd.c: Fix chpasswd and
+ chgpasswd stack overflow. Based on Fedora's
+ shadow-4.0.18.1-overflow.patch.
+
+2007-11-10 Nicolas François <nicolas.francois at centraliens.net>
+
+ * NEWS, src/useradd.c: Allow non numerical group identifier to be
specified with useradd's -g option. Applied Debian patch
397_non_numerical_identifier. Thanks also to Greg Schafer
<gschafer at zip.com.au>.
Modified: upstream/trunk/NEWS
===================================================================
--- upstream/trunk/NEWS 2007-11-10 15:52:09 UTC (rev 1337)
+++ upstream/trunk/NEWS 2007-11-10 18:48:23 UTC (rev 1338)
@@ -6,6 +6,8 @@
- useradd: Allow non numerical group identifier to be specified with
useradd's -g option. Applied Debian patch 397_non_numerical_identifier.
Thanks also to Greg Schafer <gschafer at zip.com.au>.
+- chgpasswd, chpasswd: Fix chpasswd and chgpasswd stack overflow. Based on
+ Fedora's shadow-4.0.18.1-overflow.patch.
shadow-4.0.18.1 -> shadow-4.0.18.2 28-10-2007
Modified: upstream/trunk/src/chgpasswd.c
===================================================================
--- upstream/trunk/src/chgpasswd.c 2007-11-10 15:52:09 UTC (rev 1337)
+++ upstream/trunk/src/chgpasswd.c 2007-11-10 18:48:23 UTC (rev 1338)
@@ -243,9 +243,13 @@
newpwd = cp;
if (!eflg) {
if (md5flg) {
- char salt[12] = "$1$";
+ char tmp[12];
+ char salt[15] = "";
- strcat (salt, crypt_make_salt ());
+ strcat (tmp, crypt_make_salt ());
+ if (!strncmp (tmp, "$1$", 3))
+ strcat (salt, "$1$");
+ strcat (salt, tmp);
cp = pw_encrypt (newpwd, salt);
} else
cp = pw_encrypt (newpwd, crypt_make_salt ());
Modified: upstream/trunk/src/chpasswd.c
===================================================================
--- upstream/trunk/src/chpasswd.c 2007-11-10 15:52:09 UTC (rev 1337)
+++ upstream/trunk/src/chpasswd.c 2007-11-10 18:48:23 UTC (rev 1338)
@@ -239,9 +239,13 @@
newpwd = cp;
if (!eflg) {
if (md5flg) {
- char salt[12] = "$1$";
+ char tmp[12];
+ char salt[15] = "";
- strcat (salt, crypt_make_salt ());
+ strcat (tmp, crypt_make_salt ());
+ if (!strncmp (tmp, "$1$", 3))
+ strcat (salt, "$1$");
+ strcat (salt, tmp);
cp = pw_encrypt (newpwd, salt);
} else
cp = pw_encrypt (newpwd, crypt_make_salt ());
More information about the Pkg-shadow-commits
mailing list