Package: login
Version: 1:4.1.4.2-1
Severity: normal
File: /usr/bin/newgrp
If you try to switch to a password protected (with gpasswd) group you are no
member of using "newgrp somegroup", even if you supply the right password, you
get "Invalid password.".
The reason is the code for reading /etc/gshadow being broken. Attached is a
small fix against svn://svn.debian.org/svn/pkg-shadow/upstream/trunk Revision
3094.
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.33-rc6 (SMP w/1 CPU core)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages login depends on:
ii libc6 2.10.2-2 GNU C Library: Shared libraries
ii libpam-modules 1.1.0-4 Pluggable Authentication Modules f
ii libpam-runtime 1.1.0-4 Runtime support for the PAM librar
ii libpam0g 1.1.1-1 Pluggable Authentication Modules l
login recommends no packages.
login suggests no packages.
-- no debconf information
Index: lib/gshadow.c
===================================================================
--- lib/gshadow.c (Revision 3094)
+++ lib/gshadow.c (Arbeitskopie)
@@ -222,6 +222,7 @@
if (NULL == buf) {
return NULL;
}
+ buflen = BUFSIZ;
}
if (NULL == fp) {
@@ -229,9 +230,9 @@
}
#ifdef USE_NIS
- while (fgetsx (buf, (int) sizeof buf, fp) == buf)
+ while (fgetsx (buf, buflen, fp) == buf)
#else
- if (fgetsx (buf, (int) sizeof buf, fp) == buf)
+ if (fgetsx (buf, buflen, fp) == buf)
#endif
{
while ( ((cp = strrchr (buf, '\n')) == NULL)
