Date: Wed, 24 May 1995 00:08:53 -0700 (PDT) From: "Rodney W. Grimes" <rgrimes@gndrsh.aac.dev.com> To: asami@freefall.cdrom.com (Satoshi Asami) Cc: CVS-commiters@freefall.cdrom.com, cvs-ports@freefall.cdrom.com Subject: Re: cvs commit: ports/mail/popper/patches patch-ac Message-ID: <199505240708.AAA08617@gndrsh.aac.dev.com> In-Reply-To: <199505240535.WAA29518@freefall.cdrom.com> from "Satoshi Asami" at May 23, 95 10:35:49 pm
next in thread | previous in thread | raw e-mail | index | archive | help
>
> asami 95/05/23 22:35:48
>
> Added: mail/popper/patches patch-ac
> Log:
> Make popper work for both DES and MD4 passwords. Basically, just
> change one of the error checks from "strlen(.) != 13" to "strlen(.) !=
> 13 && strlen(.) != 34".
>
> Submitted by: Martin Renters <martin@victor.innovus.com>
Code that knows about the length of the password entry in a system
should be considered extremly non portable at best, and a violation
of data abstraction at worst.
The man page for getpwent says:
char *pw_passwd; /* encrypted password */
No place in any of the manual pages will you find that the string
length of the password string is either 13 or 34 bytes, Poul and I
dug all over for this very thing when he wanted to do the MD5 password
before it was ever done to make sure we would not be breaking a
documented interface.
Popper should treat this as a null terminated string of unknown length!
--
Rod Grimes rgrimes@gndrsh.aac.dev.com
Accurate Automation Company Custom computers for FreeBSD
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199505240708.AAA08617>