bin/53434: pw disallow a password including space.
Hideki SAKAMOTO
sakamoto at hlla.is.tsukuba.ac.jp
Tue Jun 17 23:40:13 PDT 2003
>Number: 53434
>Category: bin
>Synopsis: pw disallow a password including space.
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Jun 17 23:40:11 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Hideki SAKAMOTO
>Release: FreeBSD 4.7-RELEASE-p10 i386
>Organization:
HLLA Lab, Univ. of Tsukuba, Japan
>Environment:
System: FreeBSD xxx.xxx 4.7-RELEASE-p10 FreeBSD 4.7-RELEASE-p10 #5: Mon Mar 31 18:49:11 JST 2003 xxx.xxx:/usr/obj/usr/src/sys/XXXXX i386
>Description:
pw command cutoff a password at first space character(space or tab),
though passwd command allow a password including these space chars.
>How-To-Repeat:
# echo "space space space" | /usr/sbin/pw useradd testuser -m -h 0
# su - testuser
$ passwd testuser
Changing local password for testuser.
Old password: <input "space space space">
passwd: Permission denied
passwd: /etc/master.passwd: unchanged
$ passwd testuser
Changing local password for testuser.
Old password: <input "space">
New password: <input "space space space">
Retype new password: <input "space space space">
passwd: updating the database...
passwd: done
$
>Fix:
apply this patch to /usr/src/usr.sbin/pw/pw_user.c
*** pw_user.c.old Mon Jun 16 11:22:01 2003
--- pw_user.c Mon Jun 16 11:22:15 2003
***************
*** 639,645 ****
return EX_IOERR;
}
line[b] = '\0';
! if ((p = strpbrk(line, " \t\r\n")) != NULL)
*p = '\0';
if (!*line)
errx(EX_DATAERR, "empty password read on file descriptor %d", fd);
--- 639,645 ----
return EX_IOERR;
}
line[b] = '\0';
! if ((p = strpbrk(line, "\r\n")) != NULL)
*p = '\0';
if (!*line)
errx(EX_DATAERR, "empty password read on file descriptor %d", fd);
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list