Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Unix :: General :: cert0002.txt

CERT Advisory CA-89:01 passwd hole





-----BEGIN PGP SIGNED MESSAGE-----


CA-89:01
                                 CERT Advisory
                                 January 1989
                                 Passwd hole
- -----------------------------------------------------------------------------

The CERT center received the following information from Keith Bostic
from the Computer Systems Research Group at UC-Berkeley on Dec. 21, 1988.
This patch has also been posted to comp.bugs.4bsd.ucb-fixes.

Please note that this patch will only work with BSD 4.3.  If you have
4.2 please let me know and I will forward the correct patch.

- -----------------------------------------------------------------------------

Computer Emergency Response Team (CERT)
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890

Internet: cert@cert.org
Telephone: 412-268-7090 24-hour hotline: CERT personnel answer
           7:30a.m.-6:00p.m. EST, on call for
           emergencies other hours.

Past advisories and other information are available for anonymous ftp
from cert.org (192.88.209.5).




Subject: security problem in passwd
Index: bin/passwd.c 4.3BSD

Description:
	There's a security problem associated with the passwd(1)
	program in all known Berkeley systems.  This problem is
	also in most Berkeley derived systems, see your vendor
	for more information.

Fix:
	Apply the following patch to the file src/bin/passwd.c and
	recompile/reinstall it.

*** passwd.c.orig	Wed Dec 21 08:57:41 1988
- --- passwd.c	Wed Dec 21 09:00:25 1988
***************
*** 332,337 ****
- --- 332,339 ----
  	return (crypt(pwbuf, saltc));
  }
  
+ #define	STRSIZE	100
+ 
  char *
  getloginshell(pwd, u, arg)
  	struct passwd *pwd;
***************
*** 338,344 ****
  	int u;
  	char *arg;
  {
! 	static char newshell[BUFSIZ];
  	char *cp, *valid, *getusershell();
  
  	if (pwd->pw_shell == 0 || *pwd->pw_shell == '\0')
- --- 340,346 ----
  	int u;
  	char *arg;
  {
! 	static char newshell[STRSIZE];
  	char *cp, *valid, *getusershell();
  
  	if (pwd->pw_shell == 0 || *pwd->pw_shell == '\0')
***************
*** 415,423 ****
  getfingerinfo(pwd)
  	struct passwd *pwd;
  {
! 	char in_str[BUFSIZ];
  	struct default_values *defaults, *get_defaults();
! 	static char answer[4*BUFSIZ];
  
  	answer[0] = '\0';
  	defaults = get_defaults(pwd->pw_gecos);
- --- 417,425 ----
  getfingerinfo(pwd)
  	struct passwd *pwd;
  {
! 	char in_str[STRSIZE];
  	struct default_values *defaults, *get_defaults();
! 	static char answer[4*STRSIZE];
  
  	answer[0] = '\0';
  	defaults = get_defaults(pwd->pw_gecos);
***************
*** 429,435 ****
  	 */
  	do {
  		printf("\nName [%s]: ", defaults->name);
! 		(void) fgets(in_str, BUFSIZ, stdin);
  		if (special_case(in_str, defaults->name)) 
  			break;
  	} while (illegal_input(in_str));
- --- 431,437 ----
  	 */
  	do {
  		printf("\nName [%s]: ", defaults->name);
! 		(void) fgets(in_str, STRSIZE, stdin);
  		if (special_case(in_str, defaults->name)) 
  			break;
  	} while (illegal_input(in_str));
***************
*** 440,446 ****
  	do {
  		printf("Room number (Exs: 597E or 197C) [%s]: ",
  			defaults->office_num);
! 		(void) fgets(in_str, BUFSIZ, stdin);
  		if (special_case(in_str, defaults->office_num))
  			break;
  	} while (illegal_input(in_str) || illegal_building(in_str));
- --- 442,448 ----
  	do {
  		printf("Room number (Exs: 597E or 197C) [%s]: ",
  			defaults->office_num);
! 		(void) fgets(in_str, STRSIZE, stdin);
  		if (special_case(in_str, defaults->office_num))
  			break;
  	} while (illegal_input(in_str) || illegal_building(in_str));
***************
*** 452,458 ****
  	do {
  		printf("Office Phone (Ex: 6426000) [%s]: ",
  			defaults->office_phone);
! 		(void) fgets(in_str, BUFSIZ, stdin);
  		if (special_case(in_str, defaults->office_phone))
  			break;
  		remove_hyphens(in_str);
- --- 454,460 ----
  	do {
  		printf("Office Phone (Ex: 6426000) [%s]: ",
  			defaults->office_phone);
! 		(void) fgets(in_str, STRSIZE, stdin);
  		if (special_case(in_str, defaults->office_phone))
  			break;
  		remove_hyphens(in_str);
***************
*** 464,470 ****
  	 */
  	do {
  		printf("Home Phone (Ex: 9875432) [%s]: ", defaults->home_phone);
! 		(void) fgets(in_str, BUFSIZ, stdin);
  		if (special_case(in_str, defaults->home_phone))
  			break;
  		remove_hyphens(in_str);
- --- 466,472 ----
  	 */
  	do {
  		printf("Home Phone (Ex: 9875432) [%s]: ", defaults->home_phone);
! 		(void) fgets(in_str, STRSIZE, stdin);
  		if (special_case(in_str, defaults->home_phone))
  			break;
  		remove_hyphens(in_str);
***************
*** 501,507 ****
  	if (input_str[length-1] != '\n') {
  		/* the newline and the '\0' eat up two characters */
  		printf("Maximum number of characters allowed is %d\n",
! 			BUFSIZ-2);
  		/* flush the rest of the input line */
  		while (getchar() != '\n')
  			/* void */;
- --- 503,509 ----
  	if (input_str[length-1] != '\n') {
  		/* the newline and the '\0' eat up two characters */
  		printf("Maximum number of characters allowed is %d\n",
! 			STRSIZE-2);
  		/* flush the rest of the input line */
  		while (getchar() != '\n')
  			/* void */;

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMaMwYnVP+x0t4w7BAQGIIQP+LHLWu+bwSc4HCJeEj0l48f0Y++YenSBn
wV/dU4Ky1g0BcgccKhDsQJBLW0jOQXqGIaSOAWTgcIaFcuFyFv/6OrgkeWupv+Q4
G+F0gbNXJrscCQYa7GRuS4YA8snpQmwrICrGGC6KKgIb6+2haAj+vHL1UQI+ujAL
OXJFbkBkVk4=
=Uifa
-----END PGP SIGNATURE-----



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH