Increase the size of crypt_passwd from 128 to 256 to avoid overflow in
authornekral-guest <nekral-guest@5a98b0ae-9ef6-0310-add3-de5d479b70d7>
Tue, 20 Nov 2007 12:18:36 +0000 (12:18 +0000)
committernekral-guest <nekral-guest@5a98b0ae-9ef6-0310-add3-de5d479b70d7>
Tue, 20 Nov 2007 12:18:36 +0000 (12:18 +0000)
case of SHA512 (161 should be sufficient).

ChangeLog
src/passwd.c

index b1e3923458895e5fdc00e54c4bf254b3b1db025f..e7ed71c9650d3c5968a4f690bc1c180044acd53c 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2007-11-20  Nicolas François  <nicolas.francois@centraliens.net>
+
+       * src/passwd.c: Increase the size of crypt_passwd from 128 to 256
+       to avoid overflow in case of SHA512 (161 should be sufficient).
+
 2007-11-20  Nicolas François  <nicolas.francois@centraliens.net>
 
        * lib/prototypes.h, libmisc/salt.c: Add parameters to
index 0c349aaba92017da30a4d4f3c7a50be57296051e..592fc4a3bbf26f46c41c0f3e8b55fc928ac2a8f1 100644 (file)
@@ -96,7 +96,20 @@ static long inact = 0;               /* Days without change before locked */
 static int do_update_age = 0;
 
 #ifndef USE_PAM
-static char crypt_passwd[128]; /* The "old-style" password, if present */
+/*
+ * Size of the biggest passwd:
+ *   $6$       3
+ *   rounds=   7
+ *   999999999 9
+ *   $         1
+ *   salt      16
+ *   $         1
+ *   SHA512    123
+ *   nul       1
+ *
+ *   total     161
+ */
+static char crypt_passwd[256];
 static int do_update_pwd = 0;
 #endif
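Review bot: The new `crypt_passwd[256]` is a bare literal that nothing ties to the 161-byte bound worked out in the comment above it, and the code that copies into the buffer lies outside this hunk, so it cannot be confirmed here that those writes are bounded by `sizeof crypt_passwd`. A larger array only moves the limit; if a later hash scheme or a longer rounds/salt field exceeds it, the same overflow (or a silently truncated hash being stored) would presumably come back. I would name the size, e.g. `#define CRYPT_PASSWD_SIZE 256` with `static char crypt_passwd[CRYPT_PASSWD_SIZE];`, and have each copy site reject a hash whose length is `>= sizeof crypt_passwd` instead of truncating it. The commit also drops the old description of the variable; the new comment could keep a line such as `/* The "old-style" password, if present; sized for the longest crypt() string. */`.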