[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Cvs-dev] cvs-passwd patch: weird problem
From: |
Larry Jones |
Subject: |
Re: [Cvs-dev] cvs-passwd patch: weird problem |
Date: |
Mon, 21 Aug 2006 11:00:31 -0400 (EDT) |
Mark D. Baushke writes:
>
> To be honest, I am not sure I understand why the
> old-password is needed as it would already be in
> the users $HOME/.cvspass file...
Presumably for the same reason the Unix passwd command prompts your for
your old password even though you had to use it to log in -- to prevent
someone from using a temporarily unattended terminal to change the
user's password.
> > > You should also pay attention to Larry's suggestions regarding the
> > > improper use of the crypt() function.
> >
> > Yes, I saw that page. So, I should copy the ecrypted password from
> > crypts static buffer to some other place, and use that pointer, that's
> > it, right?
Wrong. You've got a buffer overflow in the salt generation -- it has
nothing whatsoever to do with the encrypted password. And you're using
crypt() in a non-portable fashion (standard crypt does not support MD5).
-Larry Jones
Physical education is what you learn from having your face in
someone's armpit right before lunch. -- Calvin
- [Cvs-dev] cvs-passwd patch: weird problem, Prasad J Pandit, 2006/08/19
- [Cvs-dev] Re: cvs-passwd patch: weird problem, Mark D. Baushke, 2006/08/17
- Re: [Cvs-dev] cvs-passwd patch: weird problem, Mark D. Baushke, 2006/08/19
- Re: [Cvs-dev] cvs-passwd patch: weird problem, Prasad J Pandit, 2006/08/21
- Re: [Cvs-dev] cvs-passwd patch: weird problem, Mark D. Baushke, 2006/08/21
- Re: [Cvs-dev] cvs-passwd patch: weird problem, Prasad J Pandit, 2006/08/21
- Re: [Cvs-dev] cvs-passwd patch: weird problem, Mark D. Baushke, 2006/08/21
- Re: [Cvs-dev] cvs-passwd patch: weird problem,
Larry Jones <=
- Re: [Cvs-dev] cvs-passwd patch: weird problem, Prasad J Pandit, 2006/08/22
- Re: [Cvs-dev] cvs-passwd patch: weird problem, Mark D. Baushke, 2006/08/22
- Re: [Cvs-dev] cvs-passwd patch: weird problem, Prasad J Pandit, 2006/08/22
- Re: [Cvs-dev] cvs-passwd patch: weird problem, Derek R. Price, 2006/08/22
- Re: [Cvs-dev] cvs-passwd patch: weird problem, Larry Jones, 2006/08/22
- Re: [Cvs-dev] cvs-passwd patch: weird problem, Prasad J Pandit, 2006/08/21
Re: [Cvs-dev] cvs-passwd patch: weird problem, Larry Jones, 2006/08/19