clyde@sirius.cc.utexas.edu (06/05/90)
This patch to npasswd fixes a problems with overwriting password buffers. This patch, as well as the fixed version of npasswd, is available on emx.utexas.edu. [[Ed's Note: Patch included below for same reasons I gave before :). -bdg]] ---------------- cut here ------------- *** npasswd.c_1.12 Tue Jun 5 10:59:03 1990 --- npasswd.c Tue Jun 5 10:56:58 1990 *************** *** 136,142 **** if (pw_getuserbyname(username, password) == 0) quit(1, "Cannot get your password information.\n"); if (password[0]) ! getpassword(password, ppbuf); } else { if (pw_getuserbyname(username, password) == 0) --- 136,142 ---- if (pw_getuserbyname(username, password) == 0) quit(1, "Cannot get your password information.\n"); if (password[0]) ! getpassword(password, ppbuf, sizeof(ppbuf)); } else { if (pw_getuserbyname(username, password) == 0) *************** *** 152,157 **** --- 152,159 ---- int ntries = 0; /* Password match counter */ px = getpass("New password (? for help): "); + if (px == NULL) + quit(0, "EOF during new password read.\n"); (void) strcpy(pbuf, px); if (pbuf[0] == '?') { motd(HELP_FILE, "Missing help file"); *************** *** 163,168 **** --- 165,172 ---- /* Get confirmation */ px = getpass("New password (again): "); + if (px == NULL) + quit(0, "EOF during new password read.\n"); (void) strcpy(pbuf2, px); if (strcmp(pbuf, pbuf2)) { if (ntries++ >= retries) *************** *** 194,202 **** /* * getpassword -- read password and check against current. */ ! getpassword(pwd_crypt, pwd_plain) char *pwd_crypt, /* Present password (encrypted) */ *pwd_plain; /* Present password (plain) */ { int ntries = 0; /* Match attempt counter */ char *px; /* Temp */ --- 198,207 ---- /* * getpassword -- read password and check against current. */ ! getpassword(pwd_crypt, pwd_plain, pwlen) char *pwd_crypt, /* Present password (encrypted) */ *pwd_plain; /* Present password (plain) */ + int pwlen; /* Length of present password buffer */ { int ntries = 0; /* Match attempt counter */ char *px; /* Temp */ *************** *** 203,208 **** --- 208,215 ---- for (;;) { px = getpass("Current password: "); + if (px == 0) + quit(0, "EOF during password read.\n"); if (*px == '\0') continue; if (!pw_compare(pwd_crypt, px)) { *************** *** 214,220 **** break; } if (pwd_plain) ! (void) strcpy(pwd_plain, px); } /* --- 221,227 ---- break; } if (pwd_plain) ! (void) strncpy(pwd_plain, px, pwlen); } /* ---------------- cut here ------------- -Clyde Hoover Computation Center The University of Texas at Austin