From: Tomas Halman Date: Fri, 16 Feb 2024 08:33:02 +0000 (+0100) Subject: src/passwd.c: inconsistent password length limit X-Git-Tag: 4.15.0-rc3~12 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=dfb4d8fdf914a9f4d0f305980b76825a773d9150;p=thirdparty%2Fshadow.git src/passwd.c: inconsistent password length limit The passwd utility had hardcoded limit for password lenght set to 200 characters. In the agetpass.c is used PASS_MAX for this purpose. This patch moves the PASS_MAX definition to common place and uses it in both places. Signed-off-by: Tomas Halman --- diff --git a/lib/agetpass.c b/lib/agetpass.c index 11809ab74..5d9f9286d 100644 --- a/lib/agetpass.c +++ b/lib/agetpass.c @@ -11,7 +11,6 @@ #include #include -#include #include #include @@ -24,11 +23,6 @@ #endif /* WITH_LIBBSD */ -#if !defined(PASS_MAX) -#define PASS_MAX BUFSIZ - 1 -#endif - - /* * SYNOPSIS * [[gnu::malloc(erase_pass)]] diff --git a/lib/defines.h b/lib/defines.h index 93543e858..8c55dddbc 100644 --- a/lib/defines.h +++ b/lib/defines.h @@ -25,6 +25,7 @@ ((N) == 1 ? (const char *) (Msgid1) : (const char *) (Msgid2)) #endif +#include #include #include @@ -202,4 +203,14 @@ # define shadow_getenv(name) getenv(name) #endif +/* + * Maximum password length + * + * Consider that there is also limit in PAM (PAM_MAX_RESP_SIZE) + * currently set to 512. + */ +#if !defined(PASS_MAX) +#define PASS_MAX BUFSIZ - 1 +#endif + #endif /* _DEFINES_H_ */ diff --git a/src/passwd.c b/src/passwd.c index 939ad79d4..3e0a6eb81 100644 --- a/src/passwd.c +++ b/src/passwd.c @@ -175,8 +175,8 @@ static int new_password (const struct passwd *pw) char *cipher; /* Pointer to cipher text */ const char *salt; /* Pointer to new salt */ char *cp; /* Pointer to agetpass() response */ - char orig[200]; /* Original password */ - char pass[200]; /* New password */ + char orig[PASS_MAX + 1]; /* Original password */ + char pass[PASS_MAX + 1]; /* New password */ int i; /* Counter for retries */ bool warned; int pass_max_len = -1;