Package: nis
Version: 3.17-32
Severity: normal
I might have something in my NIS configuration that is displaying this bug, but
I think it is a bug whether or not that is the case.
On line 410 of yppasswd.c, crypt() is run, with the salt parameter that is only
checked to be one character long.
If a length=1 string is passed in as the salt, crypt returns null, which then
crashes in the strncmp.
Arguably, this might be better fixed inside crypt(), though I don't know enough
to know the consequences of that.
Here is the fix for nis that will work around this issue:
--- nis-3.17.orig/yp-tools-2.9/src/yppasswd.c 2013-09-03 12:08:35.000000000
-0400
+++ ./yppasswd.c 2013-09-03 12:07:30.000000000 -0400
@@ -406,7 +406,7 @@
return 0;
}
- if (pwd->pw_passwd[0]
+ if (pwd->pw_passwd[0] && pwd->pw_passwd[1]
&& !strncmp (pwd->pw_passwd, crypt (pwdstr, pwd->pw_passwd), 13)
&& uid)
{
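Review bot: the added pwd->pw_passwd[1] test only rules out the one-character salt, while the return value of crypt (pwdstr, pwd->pw_passwd) on the following line is still passed straight to strncmp, so any other stored value that makes crypt() return NULL would crash in the same place. Suggest assigning the crypt() result to a local pointer and requiring it to be non-NULL before the strncmp; that covers the "x" placeholder case described in this report as well as any other salt crypt() rejects, and it makes the length test unnecessary. A short comment explaining that pw_passwd may be a placeholder rather than a real hash for non-root callers would also help the next reader of this condition.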
In my case, the pwd->pw_passwd is "x", I think because yp doesn't have access
to my current password because I am not root.
-- Package-specific info:
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.9-1-amd64 (SMP w/24 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=ANSI_X3.4-1968)
(ignored: LC_ALL set to C)
Shell: /bin/sh linked to /bin/dash
Versions of packages nis depends on:
ii debconf [debconf-2.0] 1.5.50
ii hostname 3.13
ii libc6 2.17-92
ii libdbus-1-3 1.6.12-1
ii libdbus-glib-1-2 0.100.2-1
ii libgdbm3 1.8.3-12
ii libglib2.0-0 2.36.4-1
ii libslp1 1.2.1-9
ii lsb-base 4.1+Debian12
ii make 3.81-8.2
ii netbase 5.1
ii rpcbind [portmap] 0.2.0-8.1
nis recommends no packages.
Versions of packages nis suggests:
pn nscd <none>
-- debconf information excluded