Re: [Cvs-dev] cvs-passwd patch: weird problem

[Prasad J Pandit]

  Hello Larry :)

On Mon, 21 Aug 2006, Larry Jones wrote:
> Wrong.  You've got a buffer overflow in the salt generation -- it has

  Oh Larry, you are a god man, seriously you are a god. How did you find 
it? I fixed it, and you won't believe, problem disappeared. What I did is

#deinf SALTSIZE  12 (earlier it was 11)
    &
generate_salt ()
{
 ...

 while (i < SALTSIZE)
   ...
 psalt[i -1] = '\0';  /* so we've 11 char salt 0 to 10 and then '\0' */
                      /* earlier it's like: psalt[i] = '\0';   */
 ...
}

 Oh wow, this is really great! I'm soooo happy!! You know, I've been doing 
this for the whole damn week now, man, seriously!

Thank you Larry!, Thank you so much!! :) :)


> And you're using crypt() in a non-portable fashion (standard crypt does 
> not support MD5).

  Any other *better* option ?


Thank you!
--
regards
   -Prasad
PS: Please don't send me html/attachment/Fwd mails