Patches to npasswd

clyde at sirius.cc.utexas.edu clyde at sirius.cc.utexas.edu
Wed Jun 6 02:06:38 AEST 1990 

This patch to npasswd fixes a problems with overwriting password buffers.
This patch, as well as the fixed version of npasswd, is available on
emx.utexas.edu.

[[Ed's Note: Patch included below for same reasons I gave before :). -bdg]]

---------------- cut here -------------
*** npasswd.c_1.12	Tue Jun  5 10:59:03 1990
--- npasswd.c	Tue Jun  5 10:56:58 1990
***************
*** 136,142 ****
  		if (pw_getuserbyname(username, password) == 0)
  			quit(1, "Cannot get your password information.\n");
  		if (password[0])
! 			getpassword(password, ppbuf);
  	}
  	else {
  		if (pw_getuserbyname(username, password) == 0)
--- 136,142 ----
  		if (pw_getuserbyname(username, password) == 0)
  			quit(1, "Cannot get your password information.\n");
  		if (password[0])
! 			getpassword(password, ppbuf, sizeof(ppbuf));
  	}
  	else {
  		if (pw_getuserbyname(username, password) == 0)
***************
*** 152,157 ****
--- 152,159 ----
  		int	ntries = 0;	/* Password match counter */

  		px = getpass("New password (? for help): ");
+ 		if (px == NULL)
+ 			quit(0, "EOF during new password read.\n");
  		(void) strcpy(pbuf, px);
  		if (pbuf[0] == '?') {
  			motd(HELP_FILE, "Missing help file");
***************
*** 163,168 ****
--- 165,172 ----

  		/* Get confirmation */
  		px = getpass("New password (again): ");
+ 		if (px == NULL)
+ 			quit(0, "EOF during new password read.\n");
  		(void) strcpy(pbuf2, px);
  		if (strcmp(pbuf, pbuf2)) {
  			if (ntries++ >= retries) 
***************
*** 194,202 ****
  /*
   *	getpassword -- read password and check against current.
   */
! getpassword(pwd_crypt, pwd_plain)
  char	*pwd_crypt,		/* Present password (encrypted) */
  	*pwd_plain;		/* Present password (plain)  */
  {
  	int	ntries = 0;	/* Match attempt counter */
  	char	*px;		/* Temp */
--- 198,207 ----
  /*
   *	getpassword -- read password and check against current.
   */
! getpassword(pwd_crypt, pwd_plain, pwlen)
  char	*pwd_crypt,		/* Present password (encrypted) */
  	*pwd_plain;		/* Present password (plain)  */
+ int	pwlen;			/* Length of present password buffer */
  {
  	int	ntries = 0;	/* Match attempt counter */
  	char	*px;		/* Temp */
***************
*** 203,208 ****
--- 208,215 ----

  	for (;;) {
  		px = getpass("Current password: ");
+ 		if (px == 0)
+ 			quit(0, "EOF during password read.\n");
  		if (*px == '\0')
  			continue;
  		if (!pw_compare(pwd_crypt, px)) {
***************
*** 214,220 ****
  			break;
  	}
  	if (pwd_plain)
! 		(void) strcpy(pwd_plain, px);
  }

  /* 
--- 221,227 ----
  			break;
  	}
  	if (pwd_plain)
! 		(void) strncpy(pwd_plain, px, pwlen);
  }

  /* 
---------------- cut here -------------

	-Clyde Hoover
	Computation Center
	The University of Texas at Austin

More information about the Comp.sys.sun mailing list