Bug 1054
| Summary: | SILO does not properly check password | ||
|---|---|---|---|
| Product: | [Retired] Red Hat Linux | Reporter: | Viraj Alankar <valankar> |
| Component: | silo | Assignee: | David Lawrence <dkl> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | high | ||
| Version: | 5.2 | Keywords: | Security |
| Hardware: | sparc | ||
| OS: | Linux | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Last Closed: | 1999-03-22 23:59:11 UTC | Type: | --- |
fixed in silo-0.8.5-5. Thanks!
The SILO that ships with RH 5.2 has a bug which causes it to not check the password correctly when the 'password=' keyword is used in silo.conf. This bug is also in the latest SILO 0.8.5 source code. The following is the problem area from second/main.c:

```c
void check_password(char *str)
{
    int i;

    for (i = 0; i < 3; i++) {
        printf ("\n%sassword: ", str);
        passwdbuff[0] = 0;
        cmdedit ((void (*)(void)) 0, 1);
        printf ("\n");
        if (!strncmp (password, passwdbuff))
            return;
```

As you can see, strncmp is called without the proper number of arguments. This call should be a strcmp and not a strncmp.

------- Email Received From valankar 02/07/99 10:56 -------

------- Email Received From valankar 02/07/99 11:21 -------
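Why the length argument matters in the check reported above, as an added example (not SILO code and not part of the original report): the comparison length is made an explicit parameter to show how many inputs a `strncmp`-based check accepts for different lengths, next to the `strcmp` form the report asks for. The names `check_with_length`, `check_exact` and `accepted_with_length`, the sample password and the sample inputs are all constructed for illustration; in the reported call the length is never passed, so the value the function would use is undefined.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample inputs, not taken from SILO. */
static const char *const SAMPLE_INPUTS[] = {
    "", "s", "sec", "secret", "secretX", "wrong"
};
#define N_INPUTS (sizeof SAMPLE_INPUTS / sizeof SAMPLE_INPUTS[0])

/* Hypothetical stand-in for the buggy check: the length is explicit here
 * so the effect of a wrong value can be observed. Returns 1 if accepted. */
static int check_with_length(const char *password, const char *typed, size_t n)
{
    return strncmp(password, typed, n) == 0;
}

/* The form suggested in the report: whole-string comparison. */
static int check_exact(const char *password, const char *typed)
{
    return strcmp(password, typed) == 0;
}

/* Number of sample inputs that a length-n comparison accepts. */
static size_t accepted_with_length(const char *password, size_t n)
{
    size_t i, hits = 0;
    for (i = 0; i < N_INPUTS; i++)
        hits += (size_t)check_with_length(password, SAMPLE_INPUTS[i], n);
    return hits;
}

int main(void)
{
    const char *password = "secret";          /* constructed password */
    size_t lengths[] = { 0, 1, 6, 7 };
    size_t i;

    for (i = 0; i < sizeof lengths / sizeof lengths[0]; i++)
        printf("strncmp, n=%zu: %zu of %zu inputs accepted\n", lengths[i],
               accepted_with_length(password, lengths[i]), (size_t)N_INPUTS);
    for (i = 0; i < N_INPUTS; i++)
        printf("strcmp  \"%s\": %s\n", SAMPLE_INPUTS[i],
               check_exact(password, SAMPLE_INPUTS[i]) ? "accepted" : "rejected");
    return 0;
}
```

A length of 0 accepts every input, and any length up to the password's own length accepts inputs that merely share a prefix with it; only the whole-string comparison rejects everything except the exact password.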