Re: [Cvs-dev] cvs-passwd patch: weird problem

cvs-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Cvs-dev] cvs-passwd patch: weird problem

From:	Larry Jones
Subject:	Re: [Cvs-dev] cvs-passwd patch: weird problem
Date:	Sat, 19 Aug 2006 16:45:29 -0400 (EDT)

Prasad J Pandit writes:
> 
>    see, on the cvs server side, my function spasswd () receives the user 
> credentials as argument, and calls another function change_pass (). The 
> problem is, it works properly, IF and ONLY IF, I print value of variable 
> 'str (a char *)' or encrypted password 'pass (a char *)' before calling 
> change_pass ().

Those kinds of problems are almost always due to memory corruption.  At
a quick glance, I see that your generate_salt() function generates
SALTSIZE bytes of data and then adds a null terminator, which means that
it overruns its input array by one byte.  That may well be the problem,
or there may be other similar bugs in the code.

You should also be aware that the way you're using crypt() is
non-standard and will not work on many platforms.  You should either use
crypt() according to the standard:

        <http://www.opengroup.org/onlinepubs/009695399/functions/crypt.html>

or use your own encryption routine.

-Larry Jones

ANY idiot can be famous.  I figure I'm more the LEGENDARY type! -- Calvin

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Cvs-dev] cvs-passwd patch: weird problem, (continued)
- Re: [Cvs-dev] cvs-passwd patch: weird problem, Larry Jones <=

Prev by Date: Re: [Cvs-dev] cvs-passwd patch: weird problem
Next by Date: Re: [Cvs-dev] cvs-passwd patch: weird problem
Previous by thread: Re: [Cvs-dev] cvs-passwd patch: weird problem
Next by thread: [Cvs-dev] Re: [Cvs-cvs] ccvs ChangeLog NEWS [cvs1-11-x-branch]
Index(es):
- Date
- Thread