Date: Sun, 19 Oct 1997 06:30:16 +0400 (MSD) From: mishania@demos.su To: FreeBSD-gnats-submit@FreeBSD.ORG Subject: bin/4801: login.c mistake/typo? in 3.0-CURRENT Message-ID: <199710190230.GAA09817@pappnase.demos.su> Resent-Message-ID: <199710190240.TAA17291@hub.freebsd.org>
index | next in thread | raw e-mail
>Number: 4801
>Category: bin
>Synopsis: critical mistake in login.c's code.
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Oct 18 19:40:00 PDT 1997
>Last-Modified:
>Originator: Mikhail A. Sokolov
>Organization:
Demos Company, Ltd.
>Release: FreeBSD 3.0-CURRENT i386
>Environment:
FreeBSD 3.0-current.
>Description:
Original code of login.c, line 555 has a mistake, which leads to having
passwords always expired, if you don't use LOGIN_CAP <comments start with :>>:
#define DEFAULT_WARN (2L * 7L & 86400L) /* Two weeks */
:> ^^!!
:>here's the mistake - this operation gives null DEFAULT_WARN
#ifdef LOGIN_CAP
warntime = login_getcaptime(lc, "warnpassword",
DEFAULT_WARN, DEFAULT_WARN);
#else
warntime = DEFAULT_WARN;
:> i.e. if you don't use LOGIN_CAP, warntime == NULL.
#endif
changepass=0;
if (pwd->pw_change) {
if (tp.tv_sec >= pwd->pw_change) {
(void)printf("Sorry -- your password has expired.\n");
changepass=1;
syslog(LOG_INFO,
"%s Password expired - forcing change",
pwd->pw_name);
} else if (pwd->pw_change - tp.tv_sec < warntime && !quietlog)
:> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
:> this is always true, since warntime = NULL.
(void)printf("Warning: your password expires on %s",
ctime(&pwd->pw_change));
>How-To-Repeat:
>Fix:
line 555 of login.c should read :
#define DEFAULT_WARN (2L * 7L * 86400L) /* Two weeks */
>Audit-Trail:
>Unformatted:
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199710190230.GAA09817>