Message-Id: <200306160252.h5G2qXZh033094@hroptr.secup.is.tsukuba.ac.jp>
Date: Mon, 16 Jun 2003 11:52:33 +0900 (JST)
From: Hideki SAKAMOTO
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: bin/53434: pw disallow a password including space.

>Number: 53434
>Category: bin
>Synopsis: pw disallow a password including space.
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Jun 17 23:40:11 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Hideki SAKAMOTO
>Release: FreeBSD 4.7-RELEASE-p10 i386
>Organization: HLLA Lab, Univ. of Tsukuba, Japan
>Environment:
System: FreeBSD xxx.xxx 4.7-RELEASE-p10 FreeBSD 4.7-RELEASE-p10 #5: Mon Mar 31 18:49:11 JST 2003 xxx.xxx:/usr/obj/usr/src/sys/XXXXX i386
>Description:
The pw command cuts off a password at the first whitespace character (space or tab), though the passwd command allows a password including these whitespace characters.
>How-To-Repeat:
	# echo "space space space" | /usr/sbin/pw useradd testuser -m -h 0
	# su - testuser
	$ passwd testuser
	Changing local password for testuser.
	Old password:
	passwd: Permission denied
	passwd: /etc/master.passwd: unchanged
	$ passwd testuser
	Changing local password for testuser.
	Old password:
	New password:
	Retype new password:
	passwd: updating the database...
passwd: done $ >Fix: apply this patch to /usr/src/usr.sbin/pw/pw_user.c *** pw_user.c.old Mon Jun 16 11:22:01 2003 --- pw_user.c Mon Jun 16 11:22:15 2003 *************** *** 639,645 **** return EX_IOERR; } line[b] = '\0'; ! if ((p = strpbrk(line, " \t\r\n")) != NULL) *p = '\0'; if (!*line) errx(EX_DATAERR, "empty password read on file descriptor %d", fd); --- 639,645 ---- return EX_IOERR; } line[b] = '\0'; ! if ((p = strpbrk(line, "\r\n")) != NULL) *p = '\0'; if (!*line) errx(EX_DATAERR, "empty password read on file descriptor %d", fd); >Release-Note: >Audit-Trail: >Unformatted:
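Review bot: In the changed strpbrk() line, narrowing the delimiter set from " \t\r\n" to "\r\n" also changes what the following "if (!*line)" check rejects. A line containing only spaces or tabs used to be truncated to an empty string and hit the "empty password read on file descriptor %d" error; with the new set it passes the check and is accepted as the password. Leading and trailing blanks are likewise kept now, so a script that pipes a password followed by stray whitespace before the newline into -h will set a different password than it did before the change. Decide explicitly whether a whitespace-only line should still be treated as empty, and add a comment on the strpbrk() line, plus a sentence in the pw documentation for -h, stating that only CR and LF terminate the password.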