Re: passwd: fix error paths and undefined behaviour

2023-05-08 Thread Todd C . Miller
On Mon, 08 May 2023 16:17:51 -, Tobias Stoeckmann wrote: > Turns out that we have yet another possibility to trigger a theoretical > signed integer overflow if pwd_tries is INT_MAX. This one avoids such > situation as well. OK millert@ - todd

Re: passwd: fix error paths and undefined behaviour

2023-05-08 Thread Tobias Stoeckmann
I have committed the error handling aspects of the patch. Turns out that we have yet another possibility to trigger a theoretical signed integer overflow if pwd_tries is INT_MAX. This one avoids such situation as well. Okay? Index: local_passwd.c =

Re: passwd: fix error paths and undefined behaviour

2023-05-05 Thread Tobias Stoeckmann
On Fri, May 05, 2023 at 11:00:12AM -0600, Todd C. Miller wrote: > This looks OK but I'd like to see an error message if waitpid() > really does fail. How about something like this, which also avoid > needing the extra variable? Yes, looks much better! Index: local_passwd.c =

Re: passwd: fix error paths and undefined behaviour

2023-05-05 Thread Todd C . Miller
On Fri, 05 May 2023 17:05:05 -, Tobias Stoeckmann wrote: > On Fri, May 05, 2023 at 11:00:12AM -0600, Todd C. Miller wrote: > > This looks OK but I'd like to see an error message if waitpid() > > really does fail. How about something like this, which also avoid > > needing the extra variable?

Re: passwd: fix error paths and undefined behaviour

2023-05-05 Thread Todd C . Miller
On Fri, 05 May 2023 16:46:51 -, Tobias Stoeckmann wrote: > In getnewpasswd we increment "tries" every time we try to enter a new > password. The code allows this to be repeated endlessly by defining > passwordtries to be 0 in /etc/login.conf. But unfortunately we even > increment the int "trie

passwd: fix error paths and undefined behaviour

2023-05-05 Thread Tobias Stoeckmann
Hi, this patch fixes error paths and an undefined behaviour: In getnewpasswd we increment "tries" every time we try to enter a new password. The code allows this to be repeated endlessly by defining passwordtries to be 0 in /etc/login.conf. But unfortunately we even increment the int "tries" if p