Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 120060
| Summary: | Passwd code cleanup | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Steve Grubb <linux_4ever> | ||||||
| Component: | passwd | Assignee: | Jindrich Novy <jnovy> | ||||||
| Status: | CLOSED RAWHIDE | QA Contact: | Mike McLean <mikem> | ||||||
| Severity: | high | Docs Contact: | |||||||
| Priority: | medium | ||||||||
| Version: | rawhide | CC: | pknirsch | ||||||
| Target Milestone: | --- | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | All | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2004-09-02 11:46:17 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Bug Depends On: | |||||||||
| Bug Blocks: | 114963, 123268 | ||||||||
| Attachments: |
|
||||||||
Created attachment 99118 [details]
Patch that fixes bugs found by code review.
Please apply before releasing fedora core 2.
Created attachment 99912 [details]
Revised patch
The off by one problem was found to be used to remove the \n. Therefore the
patch needed updating. Please use this one instead.
Note btw that there is a small behavioour change if the user uses ^V before newl ine characters. The new behaviour seems somewhat wiser however. At one point, I had:
if (i && newPassword[i-1] == '\n')
newPassword[i-1] = 0;
It was suggested on vend-sec to just do a strchr instead. I suppose
they may have meant strrchr.
Hello Steve, most things from your patch were applied. Thanks, Jindrich |
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.4.2) Gecko/20040308 Description of problem: During a code review, I found several issues with the programs in the passwd rpm. Notibly, the passwd program has an off by 1 in the case of --stdin. buffer is 80, len passed to read is 79, location 78 is 0'ed. This is more noticeable if you imagine i == 1 after read. Also, if read returns an error, the program continues as if nothing bad happened and tries to zero buffer[-2]; Also, pam_start was not being checked for its return code. Various minor memory leaks. Version-Release number of selected component (if applicable): passwd-0.68 How reproducible: Always Steps to Reproduce: Found during code review. Additional info: I will attach a patch that fixes these. I did not look at prior versions to see if these issues exist.