authorNalin Dahyabhai <nalin@fedoraproject.org>2005-12-02 01:46:50 +0000
committerNalin Dahyabhai <nalin@fedoraproject.org>2005-12-02 01:46:50 +0000
commitf817e39736dd32dce16c535132ec4ac9e555c3fc (patch)
treeecff2d70df1d8d5ca78d223a04088e5a4e73f5c7
parent4584045a703b5a1b5c492f8d874e8c4c91f61cbb (diff)
- login: don't truncate passwords before passing them into crypt(), in case
they're significant (#149476)
-rw-r--r--krb5-1.2.7-login-lpass.patch27
-rw-r--r--krb5.spec6
2 files changed, 33 insertions, 0 deletions
diff --git a/krb5-1.2.7-login-lpass.patch b/krb5-1.2.7-login-lpass.patch
new file mode 100644
index 0000000..f943213
--- /dev/null
+++ b/krb5-1.2.7-login-lpass.patch
@@ -0,0 +1,27 @@
+The local crypt() may support hash types which use more than the first 8
+characters. It also doesn't modify the input string, so we should just
+stop truncating it.
+--- krb5-1.2.7/src/appl/bsd/login.c 2005-11-15 16:20:34.000000000 -0500
++++ krb5-1.2.7/src/appl/bsd/login.c 2005-11-15 16:20:29.000000000 -0500
+@@ -461,17 +461,14 @@
+ int unix_passwd_okay (pass)
+ char *pass;
+ {
+- char user_pwcopy[9], *namep;
++ char *namep;
+ char *crypt ();
+
+ assert (pwd != 0);
+
+- /* copy the first 8 chars of the password for unix crypt */
+- strncpy(user_pwcopy, pass, sizeof(user_pwcopy));
+- user_pwcopy[sizeof(user_pwcopy) - 1]='\0';
+- namep = crypt(user_pwcopy, salt);
+- memset (user_pwcopy, 0, sizeof(user_pwcopy));
+- /* ... and wipe the copy now that we have the string */
++ namep = crypt(pass, salt);
++ if (strlen(namep) < 13)
++ return 0;
+
+ /* verify the local password string */
+ #ifdef HAVE_SHADOW
diff --git a/krb5.spec b/krb5.spec
index 67045f7..f0e5347 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -70,6 +70,7 @@ Patch35: krb5-1.4.1-fclose.patch
Patch36: krb5-1.3.3-rcp-markus.patch
Patch39: krb5-1.4.1-api.patch
Patch40: krb5-1.4.1-telnet-environ.patch
+Patch41: krb5-1.2.7-login-lpass.patch
License: MIT, freely distributable.
URL: http://web.mit.edu/kerberos/www/
Group: System Environment/Libraries
@@ -134,6 +135,10 @@ network uses Kerberos, this package should be installed on every
workstation.
%changelog
+* Thu Dec 1 2005 Nalin Dahyabhai <nalin@redhat.com>
+- login: don't truncate passwords before passing them into crypt(), in
+ case they're significant (#149476)
+
* Thu Nov 17 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4.3-1
- update to 1.4.3
- make ksu setuid again (#137934, others)
@@ -880,6 +885,7 @@ workstation.
%patch36 -p1 -b .rcp-markus
%patch39 -p1 -b .api
%patch40 -p1 -b .telnet-environ
+%patch41 -p1 -b .login-lpass
cp src/krb524/README README.krb524
find . -type f -name "*.info-dir" -exec rm -fv "{}" ";"
gzip doc/*.ps
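Review bot: The new changelog entry starting at the `* Thu Dec 1 2005` line carries no version-release, unlike the `1.4.3-1` entry directly below it, and no Release bump is visible anywhere in this diff. If the Release tag is indeed unchanged, the rebuilt package keeps the same NVR as the previous build, so the login fix cannot be distinguished by package version. The entry should name the release it ships in, e.g. `* Thu Dec 1 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4.3-2` (1.4.3-2 is a constructed example; use whatever the bumped Release is). The Release line itself is outside the visible hunks, so this is inferred from the diff rather than confirmed.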