Package: lsat
Version: 0.9.7.1-1
Severity: normal
Tags: patch
LSAT's checkftpusers module hardcodes max number of users to check in many
places. The amount (100) is too low for servers. I include a patch that
extracts the value to a #defined constant, and set to 4000.
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
--- checkftpusers.c.origczw lut 5 14:31:59 2009
+++ checkftpusers.c czw lut 5 14:36:25 2009
@@ -14,6 +14,8 @@
#include fcntl.h
#include unistd.h
+#define MAX_FTP_USERS 4000
+
int checkftpusers(filename, verbose, html)
const char *const filename;
int verbose;
@@ -26,8 +28,8 @@
/* the passwd list... we ass|u|me that a username */
/* will be 120 chars. :O = line[120]*/
char line[120];/* array for a line */
-char temparray[100][120]; /*temparray. */
-char tempstring[100][120]; /* string to hold ftpusername */
+char temparray[MAX_FTP_USERS][120]; /*temparray. */
+char tempstring[MAX_FTP_USERS][120]; /* string to hold ftpusername */
int i=0; /* counter variable */
int j=0; /* counter variable */
int k=0; /* counter variable */
@@ -46,7 +48,7 @@
const char * header =NULL;
/* init temparray */
-for (i=0; i100; i++)
+for (i=0; iMAX_FTP_USERS; i++)
{
for (j=0; j120; j++)
{
@@ -179,7 +181,7 @@
} /* end if (passptr != NULL) */
/* inc the counter */
i++;
- if (i100)
+ if (iMAX_FTP_USERS)
{
perror(Error in module checkftpusers: Too much data.\n);
return(-1);
@@ -235,7 +237,7 @@
} /* end if (ftpptr != NULL) */
/* inc the linec ounter */
linecount++;
- if (linecount100)
+ if (linecountMAX_FTP_USERS)
{
perror(Error in checkftpusers: Too much data.);
return(-1);
@@ -245,7 +247,7 @@
/* ok, now compare an entry in the userlist */
/* we have against the entries in ftpusers */
-i = 100;
+i = MAX_FTP_USERS;
for (j = 0; j i; j++)
{
for (k=0; k linecount; k++)