Passwd length #953
7aaeb55 to 6a0c380
The passwd utility had a hardcoded limit for password length set to 200 characters. In agetpass.c, PASS_MAX is used for this purpose. This patch moves the PASS_MAX definition to a common place and uses it in both places.
Signed-off-by: Tomas Halman <tomas@halman.net>

The passwd silently truncated the password length to PASS_MAX. This patch introduces a check that prints an error message and exits the call.
Signed-off-by: Tomas Halman <tomas@halman.net>
Thanks for doing this! I see we have several macros that seem very related:
Do any of those mean the same thing? I suspect we have different maximum lengths in different places, and we should unify them.
Let's keep this for a different PR. I think this one is good as is.
I think that they have different meaning. If I understand correctly
6a0c380 to 596e8d2
LGTM. Thanks!
The passwd utility had a hardcoded limit for password length set to 200 characters. In agetpass.c, PASS_MAX is used for this purpose. This patch moves the PASS_MAX definition to a common place and uses it in both places.
Signed-off-by: Tomas Halman <tomas@halman.net>
Reviewed-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: f024002b3d66 ("src/passwd.c: inconsistent password length limit")
Cc: Serge Hallyn <serge@hallyn.com>
Link: <#953>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

The passwd silently truncated the password length to PASS_MAX. This patch introduces a check that prints an error message and exits the call.
Signed-off-by: Tomas Halman <tomas@halman.net>
Reviewed-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: f024002b3d66 ("src/passwd.c: inconsistent password length limit")
Cc: Serge Hallyn <serge@hallyn.com>
Link: <#953>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
This PR addresses two issues:
The first commit unifies the password length limit between agetpass.c and passwd.c.
The second one introduces checking the length of the provided password.
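The difference between silently truncating and rejecting an over-long password, as an added example that is not code from this PR or from the shadow project. `DEMO_PASS_MAX`, `store_truncating`, `store_checked` and `collide_after_truncation` are hypothetical names, the limit of 8 is chosen only to make the effect visible, and the checked variant returns an error code where the PR describes printing an error and exiting.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: a tiny demo limit; this is not the project's PASS_MAX value. */
#define DEMO_PASS_MAX 8u
enum pw_status { PW_OK = 0, PW_TOO_LONG = -1 };

/* "Before": keep the first DEMO_PASS_MAX bytes, drop the rest, report success. */
enum pw_status store_truncating(const char *typed, char out[DEMO_PASS_MAX + 1])
{
    size_t n = strlen(typed);
    if (n > DEMO_PASS_MAX)
        n = DEMO_PASS_MAX;
    memcpy(out, typed, n);
    out[n] = '\0';
    return PW_OK;
}

/* "After": refuse over-long input and leave no partial password in out. */
enum pw_status store_checked(const char *typed, char out[DEMO_PASS_MAX + 1])
{
    size_t n = strlen(typed);
    if (n > DEMO_PASS_MAX) {
        memset(out, 0, DEMO_PASS_MAX + 1);
        fprintf(stderr, "password too long (limit %u)\n", DEMO_PASS_MAX);
        return PW_TOO_LONG;
    }
    memcpy(out, typed, n + 1);   /* n + 1 copies the terminating NUL too */
    return PW_OK;
}

/* Returns 1 when two different typed passwords are stored as the same string. */
int collide_after_truncation(const char *a, const char *b)
{
    char sa[DEMO_PASS_MAX + 1], sb[DEMO_PASS_MAX + 1];
    store_truncating(a, sa);
    store_truncating(b, sb);
    return strcmp(a, b) != 0 && strcmp(sa, sb) == 0;
}

int main(void)
{
    char buf[DEMO_PASS_MAX + 1];   /* inputs below are constructed samples */
    printf("collide=%d\n", collide_after_truncation("hunter22-alpha", "hunter22-bravo"));
    return store_checked("hunter22-alpha", buf) == PW_TOO_LONG ? 0 : 1;
}
```

With truncation, every password sharing the first `DEMO_PASS_MAX` bytes is accepted as the same credential, and the user is never told that the extra characters were dropped.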