diff options
| author | Michal Zidek <mzidek@redhat.com> | 2012-10-02 15:06:53 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2012-10-03 20:25:09 +0200 |
| commit | f0f2ac9ee5a0b83806899cc3636941acb87bbccf (patch) | |
| tree | 0d694345fe8c8f3adede1b234232b18c932a8714 /src/tools | |
| parent | 2be3f0fb6f38042386975111a1e86e7b5850ac85 (diff) | |
| download | sssd-f0f2ac9ee5a0b83806899cc3636941acb87bbccf.tar.gz sssd-f0f2ac9ee5a0b83806899cc3636941acb87bbccf.tar.xz sssd-f0f2ac9ee5a0b83806899cc3636941acb87bbccf.zip | |
sss_seed: Passwords longer then PASS_MAX not allowed.
sss_seed fails if password file specified with -p or
--password-file option contains password longer than
PASS_MAX.
Man pages inform about PASS_MAX limitation.
Diffstat (limited to 'src/tools')
| -rw-r--r-- | src/tools/sss_seed.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/src/tools/sss_seed.c b/src/tools/sss_seed.c index 9b8f69b12..9b1471d7c 100644 --- a/src/tools/sss_seed.c +++ b/src/tools/sss_seed.c @@ -263,7 +263,7 @@ static int seed_password_input_file(TALLOC_CTX *mem_ctx, } errno = 0; - len = sss_atomic_read_s(fd, buf, PASS_MAX); + len = sss_atomic_read_s(fd, buf, PASS_MAX + 1); if (len == -1) { ret = errno; DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to read password from file " @@ -274,6 +274,13 @@ static int seed_password_input_file(TALLOC_CTX *mem_ctx, } close(fd); + + if (len > PASS_MAX) { + ERROR("Password file too big.\n"); + ret = EINVAL; + goto done; + } + buf[len] = '\0'; /* Only the first line is valid (without '\n'). */ |