Bug 1054 - SILO does not proper check password
Summary: SILO does not proper check password
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: silo
Version: 5.2
Hardware: sparc
OS: Linux
high
medium
Target Milestone: ---
Assignee: David Lawrence
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 1999-02-06 01:06 UTC by Viraj Alankar
Modified: 2008-05-01 15:37 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 1999-03-22 23:59:11 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Viraj Alankar 1999-02-06 01:06:29 UTC 
The SILO that ships with RH 5.2 has a bug which causes it
to not check the password correctly when 'password='
keyword is used in silo.conf. This bug is also in the
latest SILO 0.8.5 source code. The following is the problem
area from second/main.c:

void check_password(char *str)
{
    int i;

    for (i = 0; i < 3; i++) {
        printf ("\n%sassword: ", str);
        passwdbuff[0] = 0;
        cmdedit ((void (*)(void)) 0, 1);
        printf ("\n");
        if (!strncmp (password, passwdbuff))
            return;

As you can see, strncmp is called without the proper number
of arguments. This call should be a strcmp and not a
strncmp.


------- Email Received From  valankar@bigfoot.com 02/07/99 10:56 -------


------- Email Received From  valankar@bigfoot.com 02/07/99 11:21 -------
Comment 1 Bill Nottingham 1999-03-22 23:59:59 UTC 
fixed in silo-0.8.5-5. Thanks!
Note You need to log in before you can comment on or make changes to this bug.