subject:"\[hackers\] \[ubase\]\[PATCH\] passwd\: fix crashes for unencrypted passwords starting with 'x'."

[hackers] [ubase][PATCH] passwd: fix crashes for unencrypted passwords starting with 'x'.

2018-09-25 Thread Mario J. Rugiero

From: Mario Rugiero 

When deciding where the previous hash should come from, is is
assumed that 'x' started strings all mean to look in shadow.
This is probably harmless in practice, since modern Linux still
use only hashes instead of raw passwords.
However, this is more robust, and more importantly, it is more
consistent with the previous check, which explicitly tests for
the string to be "x".
---
 passwd.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/passwd.c b/passwd.c
index 92c59fd..53e01e8 100644
--- a/passwd.c
+++ b/passwd.c
@@ -210,7 +210,8 @@ main(int argc, char *argv[])
if (pw->pw_passwd[0] == '\0') {
goto newpass;
}
-   if (pw->pw_passwd[0] == 'x')
+   if (pw->pw_passwd[0] == 'x' &&
+   pw->pw_passwd[1] == '\0')
prevhash = spw->sp_pwdp;
else
prevhash = pw->pw_passwd;
-- 
2.17.1

Re: [hackers] [ubase][PATCH] passwd: fix crashes for unencrypted passwords starting with 'x'.

2018-09-25 Thread Mario Rugiero

El mar., 25 sep. 2018 02:03, Quentin Rameau  escribió:

> Hello Mario,
>
> > - if (pw->pw_passwd[0] == 'x')
> > + if (pw->pw_passwd[0] == 'x' &&
> > + pw->pw_passwd[0] == '\0')
>
> Did you mean “pw->pw_passwd[1] == '\0')”?
>
> Yes. I'll send a fix later.

[hackers] [ubase][PATCH] passwd: fix crashes for unencrypted passwords starting with 'x'.

2018-09-24 Thread Mario J. Rugiero

From: Mario Rugiero 

When deciding where the previous hash should come from, is is
assumed that 'x' started strings all mean to look in shadow.
This is probably harmless in practice, since modern Linux still
use only hashes instead of raw passwords.
However, this is more robust, and more importantly, it is more
consistent with the previous check, which explicitly tests for
the string to be "x".
---
 passwd.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/passwd.c b/passwd.c
index 0b54537..dca2e58 100644
--- a/passwd.c
+++ b/passwd.c
@@ -210,7 +210,8 @@ main(int argc, char *argv[])
if (pw->pw_passwd[0] == '\0') {
goto newpass;
}
-   if (pw->pw_passwd[0] == 'x')
+   if (pw->pw_passwd[0] == 'x' &&
+   pw->pw_passwd[0] == '\0')
prevhash = spw->sp_pwdp;
else
prevhash = pw->pw_passwd;
-- 
2.17.1

[hackers] [ubase][PATCH] passwd: fix crashes for unencrypted passwords starting with 'x'.

Re: [hackers] [ubase][PATCH] passwd: fix crashes for unencrypted passwords starting with 'x'.

[hackers] [ubase][PATCH] passwd: fix crashes for unencrypted passwords starting with 'x'.

3 matches

Site Navigation

Mail list logo

Footer information