comments on this bug report (pam_unix)



Hi,

I'm not confident about accepting this (pam_unix) bug report and patch:

http://sourceforge.net/tracker/index.php?func=detail&aid=521314&group_id=6663&atid=106663

Unfortunately, the originator didn't provide contact information, so I'm
unable to follow up directly with him.

Basically, I can't confirm what is wrong with the code without the
patch. The str[n]cmp seems to force the comparison to be abbreviated
string if the salt is smaller than the encrypted password (NUL
termination is not the issue since everything appears to be NUL
terminated).

Is this a legacy issue? (Something like bigcrypt thinks you want a
bigcrypted password if you type a long password in - even when the
stored encrypted password was truncated before encryption - that is the
storage process didn't use bigcrypt?)

I'd be happy if someone could comment/confirm that this is indeed a
correct patch.

Thanks

Andrew
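
The comparison behaviour the message above asks about, as an added example (not pam_unix code and not the patch from the tracker item). It assumes the bigcrypt layout of 2 salt characters plus 11 characters per 8-character password segment, and replaces DES crypt with a non-cryptographic stand-in; `toy_seg`, `toy_bigcrypt`, `store_legacy` and `accepts` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>
#define SEG_IN  8   /* password characters consumed per segment */
#define SEG_OUT 11  /* hash characters produced per segment */
static const char B64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Stand-in for one DES crypt(3) segment: deterministic, NOT cryptographic. */
static void toy_seg(const char *key, size_t n, const char *salt, char *out) {
    unsigned long h = (5381UL * 33 + (unsigned char)salt[0]) * 33 + (unsigned char)salt[1];
    for (size_t i = 0; i < n; i++) h = h * 33 + (unsigned char)key[i];
    for (int i = 0; i < SEG_OUT; i++, h = h * 1103515245UL + 12345UL)
        out[i] = B64[(h >> 16) & 63];
    out[SEG_OUT] = '\0';
}

/* bigcrypt-style layout (assumed): 2 salt chars + 11 chars per 8-char segment;
   each later segment is salted with the first 2 chars of the previous one. */
static void toy_bigcrypt(const char *pw, const char *salt, char out[200]) {
    size_t len = strlen(pw), off = 0, pos = 2;
    out[0] = salt[0]; out[1] = salt[1];
    do {
        size_t n = len - off < SEG_IN ? len - off : SEG_IN;
        toy_seg(pw + off, n, pos == 2 ? salt : out + pos - SEG_OUT, out + pos);
        pos += SEG_OUT; off += n;
    } while (off < len && pos + SEG_OUT < 200);
}

/* Storage without bigcrypt: only the first 8 characters are hashed (13-char field). */
static const char *store_legacy(const char *pw, const char *salt) {
    static char field[200];
    char first[SEG_IN + 1] = {0};
    memcpy(first, pw, strlen(pw) < SEG_IN ? strlen(pw) : SEG_IN);
    toy_bigcrypt(first, salt, field);
    return field;
}

/* exact=0: compare only strlen(stored) chars (strncmp form); exact=1: strcmp. */
static int accepts(const char *stored, const char *typed, int exact) {
    char computed[200];
    toy_bigcrypt(typed, stored, computed);   /* stored[0..1] is the salt */
    return exact ? !strcmp(computed, stored) : !strncmp(computed, stored, strlen(stored));
}

int main(void) {
    const char *s = store_legacy("hunter2hunter2", "ab"); /* constructed sample */
    printf("%s strncmp=%d strcmp=%d\n", s,
           accepts(s, "hunter2hunter2", 0), accepts(s, "hunter2hunter2", 1));
    return 0;
}
```

With the length-limited comparison the long password still verifies against the 13-character field, while a plain `strcmp` only accepts the 8-character form.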




