Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 1054 - SILO does not proper check password
SILO does not proper check password
Status: CLOSED CURRENTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: silo (Show other bugs)
5.2
sparc Linux
high Severity medium
: ---
: ---
Assigned To: David Lawrence
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 1999-02-05 20:06 EST by Viraj Alankar
Modified: 2008-05-01 11:37 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 1999-03-22 18:59:11 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Viraj Alankar 1999-02-05 20:06:29 EST 
The SILO that ships with RH 5.2 has a bug which causes it
to not check the password correctly when 'password='
keyword is used in silo.conf. This bug is also in the
latest SILO 0.8.5 source code. The following is the problem
area from second/main.c:

void check_password(char *str)
{
    int i;

    for (i = 0; i < 3; i++) {
        printf ("\n%sassword: ", str);
        passwdbuff[0] = 0;
        cmdedit ((void (*)(void)) 0, 1);
        printf ("\n");
        if (!strncmp (password, passwdbuff))
            return;

As you can see, strncmp is called without the proper number
of arguments. This call should be a strcmp and not a
strncmp.


------- Email Received From  valankar@bigfoot.com 02/07/99 10:56 -------


------- Email Received From  valankar@bigfoot.com 02/07/99 11:21 -------
Comment 1 Bill Nottingham 1999-03-22 18:59:59 EST 
fixed in silo-0.8.5-5. Thanks!
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.