[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

comments on this bug report (pam_unix)


I'm not confident about accepting this (pam_unix) bug report and patch:


Unfortunately, the originator didn't provide contact information, so I'm
unable to follow up directly with him.

Basically, I can't confirm what is wrong with the code without the
patch. The str[n]cmp seems to force the comparison to be abreviated
string if the salt is smaller than the encrypted password (NUL
termination is not the issue since everything appears to be NUL

Is this a legacy issue? (Something like bigcrypt thinks you want a
bigcrypted password if you type a long password in - even when the
stored encrypted password was truncated before encryption - that is the
storage process didn't use bigcrypt?)

I'd be happy if someone could comment/confirm that this is indeed a
correct patch.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []