From: Tomas Halman Date: Fri, 16 Feb 2024 08:33:02 +0000 (+0100) Subject: src/passwd.c: inconsistent password length limit X-Git-Tag: 4.14.6~11 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bed23cc34d505ce1c0be7c1629dfba98b26f831a;p=thirdparty%2Fshadow.git src/passwd.c: inconsistent password length limit The passwd utility had hardcoded limit for password lenght set to 200 characters. In the agetpass.c is used PASS_MAX for this purpose. This patch moves the PASS_MAX definition to common place and uses it in both places. Signed-off-by: Tomas Halman Reviewed-by: Alejandro Colomar Cherry-picked-from: f024002b3d66 ("src/passwd.c: inconsistent password length limit") Cc: Serge Hallyn Link: Signed-off-by: Alejandro Colomar --- diff --git a/lib/agetpass.c b/lib/agetpass.c index 576b766e5..15146c861 100644 --- a/lib/agetpass.c +++ b/lib/agetpass.c @@ -9,7 +9,6 @@ #include #include -#include #include #include @@ -23,11 +22,6 @@ #endif /* WITH_LIBBSD */ -#if !defined(PASS_MAX) -#define PASS_MAX BUFSIZ - 1 -#endif - - /* * SYNOPSIS * [[gnu::malloc(erase_pass)]] diff --git a/lib/defines.h b/lib/defines.h index bd32f00b4..df28411eb 100644 --- a/lib/defines.h +++ b/lib/defines.h @@ -25,6 +25,7 @@ ((N) == 1 ? (const char *) (Msgid1) : (const char *) (Msgid2)) #endif +#include #include #include @@ -240,4 +241,14 @@ static inline void memzero(void *ptr, size_t size) # define shadow_getenv(name) getenv(name) #endif +/* + * Maximum password length + * + * Consider that there is also limit in PAM (PAM_MAX_RESP_SIZE) + * currently set to 512. + */ +#if !defined(PASS_MAX) +#define PASS_MAX BUFSIZ - 1 +#endif + #endif /* _DEFINES_H_ */ diff --git a/src/passwd.c b/src/passwd.c index 3e0d8fde4..4549d95d7 100644 --- a/src/passwd.c +++ b/src/passwd.c 
@@ -192,8 +192,8 @@ static int new_password (const struct passwd *pw)
 char *cipher; /* Pointer to cipher text */
 const char *salt; /* Pointer to new salt */
 char *cp; /* Pointer to agetpass() response */
- char orig[200]; /* Original password */
- char pass[200]; /* New password */
+ char orig[PASS_MAX + 1]; /* Original password */
+ char pass[PASS_MAX + 1]; /* New password */
 int i; /* Counter for retries */
 bool warned;
 int pass_max_len = -1;
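Review bot: `orig[PASS_MAX + 1]` and `pass[PASS_MAX + 1]` get the right size only because `BUFSIZ - 1 + 1` happens to group correctly; the definition this commit moves into lib/defines.h is unparenthesised, so a later `2 * PASS_MAX` or `sizeof buf / PASS_MAX` would silently compute the wrong bound. I would define it as `#define PASS_MAX (BUFSIZ - 1)`. The two arrays now hold cleartext in BUFSIZ-sized stack buffers rather than 200 bytes, and the code that copies the agetpass() result into them and erases them lies outside this hunk, so it is worth confirming that every copy is bounded by `sizeof` and that every return path clears both buffers. Because BUFSIZ is implementation-defined, the effective limit also varies by libc and may exceed the PAM limit that the new comment mentions.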