Package: lsat Version: 0.9.7.1-1 Severity: normal Tags: patch
LSAT's checkftpusers module hardcodes the maximum number of users to check in many places. The amount (100) is too low for servers. I include a patch that extracts the value into a #defined constant and sets it to 4000. -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686)
--- checkftpusers.c.orig czw lut 5 14:31:59 2009 +++ checkftpusers.c czw lut 5 14:36:25 2009 @@ -14,6 +14,8 @@ #include <fcntl.h> #include <unistd.h> +#define MAX_FTP_USERS 4000 + int checkftpusers(filename, verbose, html) const char *const filename; int verbose; @@ -26,8 +28,8 @@ /* the passwd list... we ass|u|me that a username */ /* will be < 120 chars. :O => line[120] */ char line[120]; /* array for a line */ - char temparray[100][120]; /*temparray. */ - char tempstring[100][120]; /* string to hold ftpusername */ + char temparray[MAX_FTP_USERS][120]; /*temparray. */ + char tempstring[MAX_FTP_USERS][120]; /* string to hold ftpusername */ int i=0; /* counter variable */ int j=0; /* counter variable */ int k=0; /* counter variable */ @@ -46,7 +48,7 @@ const char * header =NULL; /* init temparray */ - for (i=0; i<100; i++) + for (i=0; i<MAX_FTP_USERS; i++) { for (j=0; j<120; j++) { @@ -179,7 +181,7 @@ } /* end if (passptr != NULL) */ /* inc the counter */ i++; - if (i>100) + if (i>MAX_FTP_USERS) { perror("Error in module checkftpusers: Too much data.\n"); return(-1); @@ -235,7 +237,7 @@ } /* end if (ftpptr != NULL) */ /* inc the linec ounter */ linecount++; - if (linecount>100) + if (linecount>MAX_FTP_USERS) { perror("Error in checkftpusers: Too much data."); return(-1); @@ -245,7 +247,7 @@ /* ok, now compare an entry in the userlist */ /* we have against the entries in ftpusers */ - i = 100; + i = MAX_FTP_USERS; for (j = 0; j < i; j++) { for (k=0; k < linecount; k++)
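Review bot: The two arrays resized in the `@@ -26,8 +28,8 @@` hunk are automatic variables, so with `MAX_FTP_USERS` at 4000 they take 2 × 4000 × 120 = 960,000 bytes of stack in a single frame, up from 24,000. That fits the usual 8 MB Linux main-thread stack, but the process will crash on entry under a reduced `ulimit -s` or on a smaller thread stack. Giving them static storage, `static char temparray[MAX_FTP_USERS][120];` and `static char tempstring[MAX_FTP_USERS][120];`, or allocating them with `calloc` and checking the result, keeps the higher limit without the stack cost. The function body starts and ends outside this hunk, so whether it is ever re-entered (which matters for the static variant) is not visible here.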
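Review bot: The limit check in the `@@ -179,7 +181,7 @@` hunk still lets `i` reach `MAX_FTP_USERS` itself, because it tests `i>MAX_FTP_USERS` after the increment. If the loop then stores the next entry at index `i` (the store is outside the hunk, so this is inferred), that write lands one row past the end of the array. The test should be `if (i >= MAX_FTP_USERS)`, and the `linecount>MAX_FTP_USERS` test in the `@@ -235,7 +237,7 @@` hunk needs the same change for the array that `linecount` presumably indexes. Both branches also report through `perror`, which appends an unrelated errno string to a condition that is not an errno failure; `fprintf(stderr, ...)` would state only the actual problem.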