Your message dated Wed, 01 Jul 2009 07:32:08 +0000
with message-id <e1mluia-0005po...@ries.debian.org>
and subject line Bug#532575: fixed in lsat 0.9.7.1-2
has caused the Debian Bug report #532575,
regarding lsat: Hardcoded number of accounts too low
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
532575: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532575
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: lsat
Version: 0.9.7.1-1
Severity: normal
Tags: patch
LSAT's checkftpusers module hardcodes max number of users to check in many
places. The amount (100) is too low for servers. I include a patch that
extracts the value to a #defined constant, and set to 4000.
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
--- checkftpusers.c.orig czw lut 5 14:31:59 2009
+++ checkftpusers.c czw lut 5 14:36:25 2009
@@ -14,6 +14,8 @@
#include <fcntl.h>
#include <unistd.h>
+#define MAX_FTP_USERS 4000
+
int checkftpusers(filename, verbose, html)
const char *const filename;
int verbose;
@@ -26,8 +28,8 @@
/* the passwd list... we ass|u|me that a username */
/* will be < 120 chars. :O => line[120] */
char line[120]; /* array for a line */
- char temparray[100][120]; /*temparray. */
- char tempstring[100][120]; /* string to hold ftpusername */
+ char temparray[MAX_FTP_USERS][120]; /*temparray. */
+ char tempstring[MAX_FTP_USERS][120]; /* string to hold ftpusername */
int i=0; /* counter variable */
int j=0; /* counter variable */
int k=0; /* counter variable */
@@ -46,7 +48,7 @@
const char * header =NULL;
/* init temparray */
- for (i=0; i<100; i++)
+ for (i=0; i<MAX_FTP_USERS; i++)
{
for (j=0; j<120; j++)
{
@@ -179,7 +181,7 @@
} /* end if (passptr != NULL) */
/* inc the counter */
i++;
- if (i>100)
+ if (i>MAX_FTP_USERS)
{
perror("Error in module checkftpusers: Too much data.\n");
return(-1);
@@ -235,7 +237,7 @@
} /* end if (ftpptr != NULL) */
/* inc the linec ounter */
linecount++;
- if (linecount>100)
+ if (linecount>MAX_FTP_USERS)
{
perror("Error in checkftpusers: Too much data.");
return(-1);
@@ -245,7 +247,7 @@
/* ok, now compare an entry in the userlist */
/* we have against the entries in ftpusers */
- i = 100;
+ i = MAX_FTP_USERS;
for (j = 0; j < i; j++)
{
for (k=0; k < linecount; k++)
--- End Message ---
--- Begin Message ---
Source: lsat
Source-Version: 0.9.7.1-2
We believe that the bug you reported is fixed in the latest version of
lsat, which is due to be installed in the Debian FTP archive:
lsat_0.9.7.1-2.diff.gz
to pool/main/l/lsat/lsat_0.9.7.1-2.diff.gz
lsat_0.9.7.1-2.dsc
to pool/main/l/lsat/lsat_0.9.7.1-2.dsc
lsat_0.9.7.1-2_amd64.deb
to pool/main/l/lsat/lsat_0.9.7.1-2_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 532...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Juan Angulo Moreno <j...@apuntale.com> (supplier of updated lsat package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 29 Jun 2009 09:41:13 -0430
Source: lsat
Binary: lsat
Architecture: source amd64
Version: 0.9.7.1-2
Distribution: unstable
Urgency: low
Maintainer: Juan Angulo Moreno <j...@apuntale.com>
Changed-By: Juan Angulo Moreno <j...@apuntale.com>
Description:
lsat - Security auditor tool
Closes: 532575 532582 532615 533170
Changes:
lsat (0.9.7.1-2) unstable; urgency=low
.
* Updated debian/control (Standard-Version).
* Fixed (Thanks Tomasz Nowak):
- Segmentation fault when setting output file. (Closes: #532582)
- Hardcoded number of accounts too low. (Closes: #532575)
- AWK invocation in checknet for SunOS doesn't work. (Closes: #532615)
- Checkpasswd module closes random file. (Closes: #533170)
Checksums-Sha1:
13c536920922fc7c7716f1003c63a2052c0edfd9 979 lsat_0.9.7.1-2.dsc
62e86c2aa2baf0727555be884a264d96bfb5989c 4697 lsat_0.9.7.1-2.diff.gz
8a48d6fd88d7f350bd0c9beaa488369179ff50c9 57634 lsat_0.9.7.1-2_amd64.deb
Checksums-Sha256:
8ae4a370548ddfd940a8575a2e075aac555dd80121da0e01e5b55b19becaa29a 979
lsat_0.9.7.1-2.dsc
d05ac441ee4606fb9bb644c14800612cd502f310a78a8e67db4c198b1fe70622 4697
lsat_0.9.7.1-2.diff.gz
31c6d71ae856bfee84a2ddb2229a6f8bceab3e503282d21c240ba4a9a6485688 57634
lsat_0.9.7.1-2_amd64.deb
Files:
e03cf09d8089e66542e76ad5ea9b1b26 979 utils extra lsat_0.9.7.1-2.dsc
7aa630fcf48f80bf11da04f1340af6e9 4697 utils extra lsat_0.9.7.1-2.diff.gz
b2b2c098533fc360878bcf6345b92770 57634 utils extra lsat_0.9.7.1-2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkpLD1EACgkQgY5NIXPNpFV66QCfTIfdYPOGv7+VSA2cSbwHbvik
g0IAnRLRAkateosNlCF6H8dJ1WIsphNy
=XMkn
-----END PGP SIGNATURE-----
--- End Message ---
