Bug 1054 - SILO does not proper check password
SILO does not proper check password
Status: CLOSED CURRENTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: silo (Show other bugs)
5.2
sparc Linux
high Severity medium
: ---
: ---
Assigned To: David Lawrence
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 1999-02-05 20:06 EST by Viraj Alankar
Modified: 2008-05-01 11:37 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 1999-03-22 18:59:11 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Viraj Alankar 1999-02-05 20:06:29 EST
The SILO that ships with RH 5.2 has a bug which causes it
to not check the password correctly when 'password='
keyword is used in silo.conf. This bug is also in the
latest SILO 0.8.5 source code. The following is the problem
area from second/main.c:

void check_password(char *str)
{
    int i;

    for (i = 0; i < 3; i++) {
        printf ("\n%sassword: ", str);
        passwdbuff[0] = 0;
        cmdedit ((void (*)(void)) 0, 1);
        printf ("\n");
        if (!strncmp (password, passwdbuff))
            return;

As you can see, strncmp is called without the proper number
of arguments. This call should be a strcmp and not a
strncmp.


------- Email Received From  valankar@bigfoot.com 02/07/99 10:56 -------


------- Email Received From  valankar@bigfoot.com 02/07/99 11:21 -------
Comment 1 Bill Nottingham 1999-03-22 18:59:59 EST
fixed in silo-0.8.5-5. Thanks!

Note You need to log in before you can comment on or make changes to this bug.