From owner-freebsd-commit Wed May 24 00:18:02 1995 Return-Path: commit-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id AAA01788 for commit-outgoing; Wed, 24 May 1995 00:18:02 -0700 Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id AAA01775 for cvs-ports-outgoing; Wed, 24 May 1995 00:17:58 -0700 Received: from precipice.shockwave.com (precipice.shockwave.com [171.69.108.33]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id AAA01769 ; Wed, 24 May 1995 00:17:46 -0700 Received: from localhost (localhost [127.0.0.1]) by precipice.shockwave.com (8.6.11/8.6.9) with SMTP id AAA00425; Wed, 24 May 1995 00:16:37 -0700 Message-Id: <199505240716.AAA00425@precipice.shockwave.com> To: "Rodney W. Grimes" cc: asami@freefall.cdrom.com (Satoshi Asami), CVS-commiters@freefall.cdrom.com, cvs-ports@freefall.cdrom.com Subject: Re: cvs commit: ports/mail/popper/patches patch-ac In-reply-to: Your message of "Wed, 24 May 1995 00:08:53 PDT." <199505240708.AAA08617@gndrsh.aac.dev.com> Date: Wed, 24 May 1995 00:16:36 -0700 From: Paul Traina Sender: commit-owner@FreeBSD.org Precedence: bulk Absolutely... I thought I already submitted a patch for this that got rid of the check entirely. The check is totally unnecessary. From: "Rodney W. Grimes" Subject: Re: cvs commit: ports/mail/popper/patches patch-ac > > asami 95/05/23 22:35:48 > > Added: mail/popper/patches patch-ac > Log: > Make popper work for both DES and MD4 passwords. Basically, just > change one of the error checks from "strlen(.) != 13" to "strlen(.) != > 13 && strlen(.) != 34". > > Submitted by: Martin Renters Code that knows about the length of the password entry in a system should be considered extremly non portable at best, and a violation of data abstraction at worst. The man page for getpwent says: char *pw_passwd; /* encrypted password */ No place in any of the manual pages will you find that the string length of the password string is either 13 or 34 bytes, Poul and I dug all over for this very thing when he wanted to do the MD5 password before it was ever done to make sure we would not be breaking a documented interface. Popper should treat this as a null terminated string of unknown length! -- Rod Grimes rgrimes@gndrsh.aac.dev.com Accurate Automation Company Custom computers for FreeBSD