=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/passwd/pwd_check.c,v retrieving revision 1.5 retrieving revision 1.6 diff -c -r1.5 -r1.6 *** src/usr.bin/passwd/pwd_check.c 2002/05/27 21:12:54 1.5 --- src/usr.bin/passwd/pwd_check.c 2002/06/28 22:28:17 1.6 *************** *** 1,4 **** ! /* $OpenBSD: pwd_check.c,v 1.5 2002/05/27 21:12:54 itojun Exp $ */ /* * Copyright 2000 Niels Provos * All rights reserved. --- 1,4 ---- ! /* $OpenBSD: pwd_check.c,v 1.6 2002/06/28 22:28:17 deraadt Exp $ */ /* * Copyright 2000 Niels Provos * All rights reserved. *************** *** 54,60 **** struct pattern patterns[] = { { ! "^[0-9]*$", REG_EXTENDED|REG_NOSUB, "Please don't use all-digit passwords." }, --- 54,60 ---- struct pattern patterns[] = { { ! "^[0-9]*$", REG_EXTENDED|REG_NOSUB, "Please don't use all-digit passwords." }, *************** *** 87,93 **** int i, res, min_len; char *cp, option[LINE_MAX]; int pipefds[2]; ! min_len = (int) login_getcapnum(lc, "minpasswordlen", 6, 6); if (min_len > 0 && strlen(password) < min_len) { printf("Please enter a longer password.\n"); --- 87,93 ---- int i, res, min_len; char *cp, option[LINE_MAX]; int pipefds[2]; ! min_len = (int) login_getcapnum(lc, "minpasswordlen", 6, 6); if (min_len > 0 && strlen(password) < min_len) { printf("Please enter a longer password.\n"); *************** *** 123,139 **** grp = getgrgid(pwd->pw_gid); if (grp != NULL) { ! snprintf(grpkey, LINE_MAX-1, ":%s", grp->gr_name); - grpkey[LINE_MAX-1] = 0; pw_getconf(option, LINE_MAX, grpkey, "pwdcheck"); } if (grp != NULL && *option == 0 && strchr(pwd->pw_name, '.') == NULL) { ! snprintf(grpkey, LINE_MAX-1, ".%s", grp->gr_name); - grpkey[LINE_MAX-1] = 0; pw_getconf(option, LINE_MAX, grpkey, "pwdcheck"); } --- 123,137 ---- grp = getgrgid(pwd->pw_gid); if (grp != NULL) { ! snprintf(grpkey, LINE_MAX, ":%s", grp->gr_name); pw_getconf(option, LINE_MAX, grpkey, "pwdcheck"); } if (grp != NULL && *option == 0 && strchr(pwd->pw_name, '.') == NULL) { ! snprintf(grpkey, LINE_MAX, ".%s", grp->gr_name); pw_getconf(option, LINE_MAX, grpkey, "pwdcheck"); } *************** *** 142,148 **** "pwdcheck"); } } ! /* If no checker is specified, we accept the password */ if (*option == 0) return (1); --- 140,146 ---- "pwdcheck"); } } ! /* If no checker is specified, we accept the password */ if (*option == 0) return (1); *************** *** 155,161 **** res = fork(); if (res == 0) { char *argp[] = { "sh", "-c", NULL, NULL}; ! /* Drop privileges */ seteuid(getuid()); setuid(getuid()); --- 153,159 ---- res = fork(); if (res == 0) { char *argp[] = { "sh", "-c", NULL, NULL}; ! /* Drop privileges */ seteuid(getuid()); setuid(getuid()); *************** *** 186,200 **** return (1); out: ! printf("Please use a different password.\nUnusual capitalization, control characters or digits are suggested.\n"); return (0); } ! int pwd_gettries( struct passwd *pwd, login_cap_t *lc ) { char option[LINE_MAX]; ! char *ep = option; quad_t ntries; /* * Check login.conf, falling back onto the deprecated passwd.conf --- 184,201 ---- return (1); out: ! printf("Please use a different password. Unusual capitalization,\n"); ! printf("control characters, or digits are suggested.\n"); return (0); } ! int ! pwd_gettries( struct passwd *pwd, login_cap_t *lc ) { char option[LINE_MAX]; ! char *ep = option; quad_t ntries; + long lval; /* * Check login.conf, falling back onto the deprecated passwd.conf *************** *** 202,208 **** if ((ntries = login_getcapnum(lc, "passwordtries", -1, -1)) != -1) { if (ntries > INT_MAX || ntries < 0) { fprintf(stderr, ! "Warning: pwdtries out of range in /etc/login.conf"); goto out; } return((int)ntries); --- 203,209 ---- if ((ntries = login_getcapnum(lc, "passwordtries", -1, -1)) != -1) { if (ntries > INT_MAX || ntries < 0) { fprintf(stderr, ! "Warning: pwdtries out of range in /etc/login.conf"); goto out; } return((int)ntries); *************** *** 217,258 **** grp = getgrgid(pwd->pw_gid); if (grp != NULL) { ! snprintf(grpkey, LINE_MAX-1, ":%s", grp->gr_name); ! grpkey[LINE_MAX-1] = 0; pw_getconf(option, LINE_MAX, grpkey, "pwdtries"); } if (grp != NULL && *option == 0 && strchr(pwd->pw_name, '.') == NULL) { ! snprintf(grpkey, LINE_MAX-1, ".%s", grp->gr_name); ! grpkey[LINE_MAX-1] = 0; pw_getconf(option, LINE_MAX, grpkey, "pwdtries"); } if (*option == 0) pw_getconf(option, LINE_MAX, "default", "pwdtries"); } ! if (*option == 0) goto out; ! else { ! long lval; ! errno = 0; ! lval = strtol(option, &ep, 10); ! if (option[0] == '\0' || *ep != '\0') { ! fprintf(stderr, ! "Warning: Bad pwdtries line in /etc/passwd.conf"); ! goto out; ! } ! if ((errno == ERANGE && (lval == LONG_MAX ! || lval == LONG_MIN)) || ! (lval > INT_MAX || lval < 0)) { ! fprintf(stderr, ! "Warning: pwdtries out of range in /etc/passwd.conf"); ! goto out; ! } ! return((int) lval); } ! /* If no amount of tries is specified, return a default of * 3, meaning that after 3 attempts where the user is foiled * by the password checks, it will no longer be checked and * they can set it to whatever they like. --- 218,254 ---- grp = getgrgid(pwd->pw_gid); if (grp != NULL) { ! snprintf(grpkey, LINE_MAX, ":%s", grp->gr_name); pw_getconf(option, LINE_MAX, grpkey, "pwdtries"); } if (grp != NULL && *option == 0 && strchr(pwd->pw_name, '.') == NULL) { ! snprintf(grpkey, LINE_MAX, ".%s", grp->gr_name); pw_getconf(option, LINE_MAX, grpkey, "pwdtries"); } if (*option == 0) pw_getconf(option, LINE_MAX, "default", "pwdtries"); } ! if (*option == 0) goto out; ! ! errno = 0; ! lval = strtol(option, &ep, 10); ! if (option[0] == '\0' || *ep != '\0') { ! fprintf(stderr, ! "Warning: Bad pwdtries line in /etc/passwd.conf"); ! goto out; } + if ((errno == ERANGE && (lval == LONG_MAX || lval == LONG_MIN)) || + (lval > INT_MAX || lval < 0)) { + fprintf(stderr, + "Warning: pwdtries out of range in /etc/passwd.conf"); + goto out; + } + return((int) lval); ! /* If no amount of tries is specified, return a default of * 3, meaning that after 3 attempts where the user is foiled * by the password checks, it will no longer be checked and * they can set it to whatever they like. *************** *** 260,264 **** out: return (3); } - - --- 256,258 ----