From: Tomas Halman Date: Fri, 16 Feb 2024 08:52:39 +0000 (+0100) Subject: src/passwd.c: check password length upper limit X-Git-Tag: 4.15.0-rc3~11 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e15aa5a8a649acbf81449b5b4229eda255f97c9e;p=thirdparty%2Fshadow.git src/passwd.c: check password length upper limit The passwd silently truncated the password length to PASS_MAX. This patch introduces check that prints an error message and exits the call. Signed-off-by: Tomas Halman
---
diff --git a/src/passwd.c b/src/passwd.c
index 3e0a6eb81..1c1f8bfd1 100644
--- a/src/passwd.c
+++ b/src/passwd.c
@@ -178,6 +178,7 @@ static int new_password (const struct passwd *pw)
 char orig[PASS_MAX + 1]; /* Original password */
 char pass[PASS_MAX + 1]; /* New password */
 int i; /* Counter for retries */
+ int ret;
 bool warned;
 int pass_max_len = -1;
 const char *method;
@@ -276,8 +277,13 @@ static int new_password (const struct passwd *pw)
 if (NULL == cp) {
 return -1;
 }
- STRTCPY (pass, cp);
+ ret = STRTCPY (pass, cp);
 erase_pass (cp);
+ if (ret == -1) {
+ (void) fputs (_("Password is too long.\n"), stderr);
+ MEMZERO(pass);
+ return -1;
+ }
 } else {
 warned = false;
 for (i = getdef_num ("PASS_CHANGE_TRIES", 5); i > 0; i--) {
@@ -290,8 +296,14 @@ static int new_password (const struct passwd *pw)
 if (warned && (strcmp (pass, cp) != 0)) {
 warned = false;
 }
- STRTCPY(pass, cp);
+ ret = STRTCPY (pass, cp);
 erase_pass (cp);
+ if (ret == -1) {
+ (void) fputs (_("Password is too long.\n"), stderr);
+ MEMZERO(orig);
+ MEMZERO(pass);
+ return -1;
+ }
 if (!amroot && !obscure(orig, pass, pw)) {
 (void) puts (_("Try again."));
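Review bot: In the second hunk, the error path added after `erase_pass (cp)` clears `pass` but not `orig`, while the matching path in the third hunk clears both. Whether `orig` can still hold the old password when this branch runs is not visible in the hunk; if it can, add `MEMZERO(orig);` before `return -1;` so every exit scrubs the same buffers. The `if (NULL == cp) { return -1; }` context just above returns without clearing either buffer and would need the same treatment. The body of new_password starts and ends outside the hunk.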
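Review bot: In the third hunk, the too-long branch sits inside the `PASS_CHANGE_TRIES` loop but returns -1 on the first over-length entry, so an interactive user forfeits the remaining attempts. The `obscure` rejection just below prints "Try again." and presumably loops, though its body continues outside the hunk. If aborting is intended, say so in a comment, e.g. `/* Over-length input is fatal, not retried: a truncated copy would set a password the user did not type. */`. Otherwise clear `pass` and `continue;` instead of returning. The message also gives no limit, so the user cannot tell what length is accepted; `PASS_MAX` is already in scope to report it.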