src/passwd.c: check password length upper limit

The passwd silently truncated the password length to PASS_MAX.
This patch introduces check that prints an error message
and exits the call.

Signed-off-by: Tomas Halman <tomas@halman.net>
Reviewed-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: f024002b3d66 ("src/passwd.c: inconsistent password length limit")
Cc: Serge Hallyn <serge@hallyn.com>
Link: <https://github.com/shadow-maint/shadow/pull/953>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

diff --git a/src/passwd.c b/src/passwd.c
index 4549d95d7d8fc909b0ca1eed9e30d9937f1e7438..ee25373b91451f6ae5ef9e937a053dbd7133cc7a 100644 (file)
--- a/src/passwd.c
+++ b/src/passwd.c
@@ -195,6 +195,7 @@ static int new_password (const struct passwd *pw)
        char orig[PASS_MAX + 1];        /* Original password */
        char pass[PASS_MAX + 1];        /* New password */
        int i;                  /* Counter for retries */
+       int ret;
        bool warned;
        int pass_max_len = -1;
        const char *method;
@@ -300,8 +301,14 @@ static int new_password (const struct passwd *pw)
                if (warned && (strcmp (pass, cp) != 0)) {
                        warned = false;
                }
-               STRFCPY (pass, cp);
+               ret = STRTCPY (pass, cp);
                erase_pass (cp);
+               if (ret == -1) {
+                       (void) fputs (_("Password is too long.\n"), stderr);
+                       memzero (orig, sizeof orig);
+                       memzero (pass, sizeof pass);
+                       return -1;
+               }
 
                if (!amroot && (!obscure (orig, pass, pw) || reuse (pass, pw))) {
                        (void) puts (_("Try again."));