From owner-freebsd-audit Wed May 9 4:15:59 2001 Delivered-To: freebsd-audit@freebsd.org Received: from nebula.cybercable.fr (d189.dhcp212-126.cybercable.fr [212.198.126.189]) by hub.freebsd.org (Postfix) with ESMTP id 65B3537B422 for ; Wed, 9 May 2001 04:15:54 -0700 (PDT) (envelope-from mux@qualys.com) Received: (from mux@localhost) by nebula.cybercable.fr (8.11.3/8.11.3) id f49BFpI01796 for audit@FreeBSD.org; Wed, 9 May 2001 13:15:51 +0200 (CEST) (envelope-from mux) Date: Wed, 9 May 2001 13:15:50 +0200 From: Maxime Henrion To: audit@FreeBSD.org Subject: chpass patch to disallow non-printable characters in the passwd file Message-ID: <20010509131550.A984@nebula.cybercable.fr> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="HcAYCG3uE/tztfnV" Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --HcAYCG3uE/tztfnV Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hi, Here is another patch from OpenBSD taken from Kris mailbox. It prevents users from putting non-printable characters in the passwd file. Maxime -- Don't be fooled by cheap finnish imitations ; BSD is the One True Code Key fingerprint = F9B6 1D5A 4963 331C 88FC CA6A AB50 1EF2 8CBE 99D6 Public Key : http://www.epita.fr/~henrio_m/ --HcAYCG3uE/tztfnV Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="edit.c.diff" *** /usr/src/usr.bin/chpass/edit.c Wed Sep 6 20:16:46 2000 --- edit.c Wed May 9 13:12:05 2001 *************** *** 184,193 **** struct passwd *pw; { ENTRY *ep; ! char *p; struct stat sb; FILE *fp; ! int len, line; static char buf[LINE_MAX]; if (!(fp = fopen(tempname, "r"))) --- 184,193 ---- struct passwd *pw; { ENTRY *ep; ! char *p, *q; struct stat sb; FILE *fp; ! unsigned int len, line; static char buf[LINE_MAX]; if (!(fp = fopen(tempname, "r"))) *************** *** 225,231 **** goto bad; } while (isspace(*++p)); ! 
if (ep->except && strpbrk(p, ep->except)) { warnx( "illegal character in the \"%s\" field", ep->prompt); --- 225,235 ---- goto bad; } while (isspace(*++p)); ! for (q = p; *q && isprint(*q); q++) { ! if (ep->except && strchr(ep->except, *q)) ! break; ! } ! if (*q) { warnx( "illegal character in the \"%s\" field", ep->prompt); --HcAYCG3uE/tztfnV--
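Review bot: In the first hunk (lines 184-193), the change from `int len, line;` to `unsigned int len, line;` is not explained by the message, which only describes rejecting non-printable characters. The uses of `len` and `line` are outside the hunk, so please confirm that neither is compared against a signed value or assigned a negative sentinel anywhere in the function. Either say in the commit message why the type changes, or split it into its own patch so the character check can be reviewed alone.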
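Review bot: In the second hunk (lines 225-235), the new loop calls `isprint(*q)` on a plain `char`. Where `char` is signed, any byte with the high bit set becomes a negative argument, and the ctype functions are only defined for EOF and values representable as `unsigned char`. Please cast: `isprint((unsigned char)*q)`. The result also depends on the current locale, so it is worth stating in the commit message or the manual page whether 8-bit characters in fields such as the full name are meant to be rejected, because the old `strpbrk(p, ep->except)` test let them through and this one may not. The `warnx` text still says only "illegal character", so a user whose entry is refused for a non-printable byte gets no hint about which kind of character was the problem; a distinct message for that case would help.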