[Pkg-shadow-commits] r1417 - in upstream/trunk: . src

Tue Nov 20 12:18:37 UTC 2007

Author: nekral-guest
Date: 2007-11-20 12:18:36 +0000 (Tue, 20 Nov 2007)
New Revision: 1417

Modified:
   upstream/trunk/ChangeLog
   upstream/trunk/src/passwd.c
Log:
Increase the size of crypt_passwd from 128 to 256 to avoid overflow in
case of SHA512 (161 should be sufficient).


Modified: upstream/trunk/ChangeLog
===================================================================

--- upstream/trunk/ChangeLog	2007-11-20 12:10:55 UTC (rev 1416)
+++ upstream/trunk/ChangeLog	2007-11-20 12:18:36 UTC (rev 1417)
@@ -1,5 +1,10 @@
 2007-11-20  Nicolas François  <nicolas.francois at centraliens.net>
 
+	* src/passwd.c: Increase the size of crypt_passwd from 128 to 256
+	to avoid overflow in case of SHA512 (161 should be sufficient).
+
+2007-11-20  Nicolas François  <nicolas.francois at centraliens.net>
+
 	* lib/prototypes.h, libmisc/salt.c: Add parameters to
 	crypt_make_salt to force the crypt method and number of rounds.
 	* libmisc/salt.c: Add parameter to SHA_salt_rounds to force the

Modified: upstream/trunk/src/passwd.c
===================================================================
--- upstream/trunk/src/passwd.c	2007-11-20 12:10:55 UTC (rev 1416)
+++ upstream/trunk/src/passwd.c	2007-11-20 12:18:36 UTC (rev 1417)
@@ -96,7 +96,20 @@
 static int do_update_age = 0;
 
 #ifndef USE_PAM
-static char crypt_passwd[128];	/* The "old-style" password, if present */
+/*
+ * Size of the biggest passwd:
+ *   $6$	3
+ *   rounds=	7
+ *   999999999	9
+ *   $		1
+ *   salt	16
+ *   $		1
+ *   SHA512	123
+ *   nul	1
+ *
+ *   total	161
+ */
+static char crypt_passwd[256];
 static int do_update_pwd = 0;
 #endif
 


