On Mon, 08 May 2023 16:17:51 -, Tobias Stoeckmann wrote:
> Turns out that we have yet another possibility to trigger a theoretical
> signed integer overflow if pwd_tries is INT_MAX. This one avoids such
> situation as well.
OK millert@
- todd
I have committed the error handling aspects of the patch.
Turns out that we have yet another possibility to trigger a theoretical
signed integer overflow if pwd_tries is INT_MAX. This one avoids such
situation as well.
Okay?
Index: local_passwd.c
=
On Fri, May 05, 2023 at 11:00:12AM -0600, Todd C. Miller wrote:
> This looks OK but I'd like to see an error message if waitpid()
> really does fail. How about something like this, which also avoid
> needing the extra variable?
Yes, looks much better!
Index: local_passwd.c
=
On Fri, 05 May 2023 17:05:05 -, Tobias Stoeckmann wrote:
> On Fri, May 05, 2023 at 11:00:12AM -0600, Todd C. Miller wrote:
> > This looks OK but I'd like to see an error message if waitpid()
> > really does fail. How about something like this, which also avoid
> > needing the extra variable?
On Fri, 05 May 2023 16:46:51 -, Tobias Stoeckmann wrote:
> In getnewpasswd we increment "tries" every time we try to enter a new
> password. The code allows this to be repeated endlessly by defining
> passwordtries to be 0 in /etc/login.conf. But unfortunately we even
> increment the int "trie
Hi,
this patch fixes error paths and an undefined behaviour:
In getnewpasswd we increment "tries" every time we try to enter a new
password. The code allows this to be repeated endlessly by defining
passwordtries to be 0 in /etc/login.conf. But unfortunately we even
increment the int "tries" if p