Increase the size of crypt_passwd from 128 to 256 to avoid overflow in

case of SHA512 (161 should be sufficient).
2007-11-20 12:18:36 +00:00 · 2007-11-20 12:18:36 +00:00 · 5cb462d767
commit 5cb462d767
parent 63a4e65ca1
2 changed files with 19 additions and 1 deletions
--- a/5
+++ b/5
@ -1,3 +1,8 @@
+2007-11-20  Nicolas François  <nicolas.francois@centraliens.net>
+
+	* src/passwd.c: Increase the size of crypt_passwd from 128 to 256
+	to avoid overflow in case of SHA512 (161 should be sufficient).
+
 2007-11-20  Nicolas François  <nicolas.francois@centraliens.net>

 	* lib/prototypes.h, libmisc/salt.c: Add parameters to
--- a/src/passwd.c
+++ b/src/passwd.c
@ -96,7 +96,20 @@ static long inact = 0;		/* Days without change before locked */
 static int do_update_age = 0;

 #ifndef USE_PAM
-static char crypt_passwd[128];	/* The "old-style" password, if present */
+/*
+ * Size of the biggest passwd:
+ *   $6$	3
+ *   rounds=	7
+ *   999999999	9
+ *   $		1
+ *   salt	16
+ *   $		1
+ *   SHA512	123
+ *   nul	1
+ *
+ *   total	161
+ */
+static char crypt_passwd[256];
 static int do_update_pwd = 0;
 #endif