Date: Mon, 7 Apr 1997 23:01:18 -0400 (EDT)
From: Drew Derbyshire <ahd@kew.com>
To: FreeBSD-gnats-submit@freebsd.org, ahd@dumbo.hh.kew.com
Subject: misc/3224: uucpd.c fails because of inverted expiration check
Message-ID: <199704080301.XAA14094@dumbo.hh.kew.com>
Resent-Message-ID: <199704080310.UAA11754@freefall.freebsd.org>
>Number: 3224
>Category: misc
>Synopsis: uucpd.c 1.11 account expiration check
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Apr 7 20:10:01 PDT 1997
>Last-Modified:
>Originator: Drew Derbyshire
>Organization:
Kendra Electronic Wonderworks, Stoneham MA
>Release: FreeBSD 2.2-RELEASE i386 (uucpd.c 1.11 from 3.0 sources)
>Environment:
uucpd.c 1.11 from 3.0-CURRENT source tree on 2.1-RELEASE
>Description:
The account expiration check modified in uucpd.c 1.10 is
inverted; the previous version failed the login if the
account was expired; the new version inverts the if statement
meaning (the login is passed), but the actual if logic still
looks for an expired account.
>How-To-Repeat:
Attempt login via port 540 (uucpd) with a valid account; it
fails. An expired account will succeed.
>Fix:
*** uucpd.c 1997/04/01 20:39:59 1.11
--- uucpd.c 1997/04/06 03:52:14 1.12
***************
*** 33,39 ****
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
! * $Id: uucpd.c,v 1.11 1997/04/01 20:39:59 joerg Exp $
*/
#ifndef lint
--- 33,39 ----
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
! * $Id: uucpd.c,v 1.12 1997/04/06 03:52:14 ahd Exp $
*/
#ifndef lint
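Review bot: The $Id$ line in this hunk should not be part of the submitted patch. It is an expanded RCS keyword that is regenerated at commit, and carrying the hand-set "1.12 1997/04/06 03:52:14 ahd" value means the hunk will fail to apply to any tree whose revision string is no longer exactly 1.11. Dropping the hunk leaves only the functional change.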
***************
*** 163,170 ****
* 3. Account has expired
* 4. Password is incorrect
*/
! if (pw != NULL && strcmp(pw->pw_shell, _PATH_UUCICO) == 0 &&
! pw->pw_expire && time(NULL) >= pw->pw_expire)
pwdok = 1;
/* always ask for passwords to deter account guessing */
if (!pwdok || (pw->pw_passwd && *pw->pw_passwd != '\0')) {
--- 163,171 ----
* 3. Account has expired
* 4. Password is incorrect
*/
! if ((pw != NULL) &&
! (strcmp(pw->pw_shell, _PATH_UUCICO) == 0) &&
! (!pw->pw_expire || (time(NULL) <= pw->pw_expire)))
pwdok = 1;
/* always ask for passwords to deter account guessing */
if (!pwdok || (pw->pw_passwd && *pw->pw_passwd != '\0')) {
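Review bot: The boundary on the new pw->pw_expire line moves along with the inversion. The removed code treated time(NULL) >= pw->pw_expire as expired, while time(NULL) <= pw->pw_expire still accepts a login in the exact second of expiry. Using time(NULL) < pw->pw_expire would make the new condition the exact negation of the old expiry test. Separately, the comment above the if still lists reasons to fail ("3. Account has expired") while the if now tests the success case that sets pwdok; a one-line comment saying the condition is the complement of items 1-3 would help the next reader avoid re-inverting it.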
>Audit-Trail:
>Unformatted:
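
Added example, not part of the original report or of uucpd.c: the two conditions from the patch above, evaluated against constructed accounts, including the exact-expiry boundary. The struct acct type, the UUCICO path value and the fixed NOW timestamp are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Assumed value standing in for _PATH_UUCICO. */
#define UUCICO "/usr/libexec/uucp/uucico"
#define NOW ((time_t)860000000)  /* constructed "current time" */

/* Hypothetical stand-in for the struct passwd fields the check reads. */
struct acct {
    const char *label;
    const char *shell;
    time_t expire;               /* 0 = account never expires */
};

/* Condition from uucpd.c 1.11: true only for accounts that HAVE expired. */
static int pwdok_1_11(const struct acct *pw, time_t now)
{
    return pw != NULL && strcmp(pw->shell, UUCICO) == 0 &&
           pw->expire && now >= pw->expire;
}

/* Condition from the 1.12 patch: no expiry set, or expiry not yet passed. */
static int pwdok_1_12(const struct acct *pw, time_t now)
{
    return (pw != NULL) &&
           (strcmp(pw->shell, UUCICO) == 0) &&
           (!pw->expire || (now <= pw->expire));
}

/* Constructed sample accounts covering each branch and the boundary. */
static const struct acct SAMPLES[] = {
    { "never expires",  UUCICO,    0 },
    { "expires later",  UUCICO,    NOW + 86400 },
    { "expires now",    UUCICO,    NOW },
    { "expired",        UUCICO,    NOW - 86400 },
    { "wrong shell",    "/bin/sh", 0 },
};

int main(void)
{
    size_t i;
    printf("%-15s 1.11 1.12\n", "account");
    for (i = 0; i < sizeof SAMPLES / sizeof SAMPLES[0]; i++)
        printf("%-15s %4d %4d\n", SAMPLES[i].label,
               pwdok_1_11(&SAMPLES[i], NOW), pwdok_1_12(&SAMPLES[i], NOW));
    return 0;
}
```

A result of 1 only sets pwdok; the daemon still asks for the password afterwards.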
