Date: Wed, 9 May 2001 13:15:50 +0200 From: Maxime Henrion <mux@qualys.com> To: audit@FreeBSD.org Subject: chpass patch to disallow non-printable characters in the passwd file Message-ID: <20010509131550.A984@nebula.cybercable.fr>
next in thread | raw e-mail | index | archive | help
--HcAYCG3uE/tztfnV Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hi, Here is another patch from OpenBSD taken from Kris mailbox. It prevents users from putting non-printable characters in the passwd file. Maxime -- Don't be fooled by cheap finnish imitations ; BSD is the One True Code Key fingerprint = F9B6 1D5A 4963 331C 88FC CA6A AB50 1EF2 8CBE 99D6 Public Key : http://www.epita.fr/~henrio_m/ --HcAYCG3uE/tztfnV Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="edit.c.diff" *** /usr/src/usr.bin/chpass/edit.c Wed Sep 6 20:16:46 2000 --- edit.c Wed May 9 13:12:05 2001 *************** *** 184,193 **** struct passwd *pw; { ENTRY *ep; ! char *p; struct stat sb; FILE *fp; ! int len, line; static char buf[LINE_MAX]; if (!(fp = fopen(tempname, "r"))) --- 184,193 ---- struct passwd *pw; { ENTRY *ep; ! char *p, *q; struct stat sb; FILE *fp; ! unsigned int len, line; static char buf[LINE_MAX]; if (!(fp = fopen(tempname, "r"))) *************** *** 225,231 **** goto bad; } while (isspace(*++p)); ! if (ep->except && strpbrk(p, ep->except)) { warnx( "illegal character in the \"%s\" field", ep->prompt); --- 225,235 ---- goto bad; } while (isspace(*++p)); ! for (q = p; *q && isprint(*q); q++) { ! if (ep->except && strchr(ep->except, *q)) ! break; ! } ! if (*q) { warnx( "illegal character in the \"%s\" field", ep->prompt); --HcAYCG3uE/tztfnV-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010509131550.A984>