1054 – SILO does not proper check password

Bug 1054 - SILO does not proper check password

Summary: SILO does not proper check password

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	silo
Sub Component:
Version:	5.2
Hardware:	sparc
OS:	Linux
Priority:	high
Severity:	medium
Target Milestone:	---
Assignee:	David Lawrence
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	1999-02-06 01:06 UTC by Viraj Alankar
Modified:	2008-05-01 15:37 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:	1999-03-22 23:59:11 UTC
Embargoed:

Attachments	(Terms of Use)

Description Viraj Alankar 1999-02-06 01:06:29 UTC

The SILO that ships with RH 5.2 has a bug which causes it
to not check the password correctly when 'password='
keyword is used in silo.conf. This bug is also in the
latest SILO 0.8.5 source code. The following is the problem
area from second/main.c:

void check_password(char *str)
{
    int i;

    for (i = 0; i < 3; i++) {
        printf ("\n%sassword: ", str);
        passwdbuff[0] = 0;
        cmdedit ((void (*)(void)) 0, 1);
        printf ("\n");
        if (!strncmp (password, passwdbuff))
            return;

As you can see, strncmp is called without the proper number
of arguments. This call should be a strcmp and not a
strncmp.


------- Email Received From  valankar 02/07/99 10:56 -------


------- Email Received From  valankar 02/07/99 11:21 -------

Comment 1 Bill Nottingham 1999-03-22 23:59:59 UTC

fixed in silo-0.8.5-5. Thanks!

Note You need to log in before you can comment on or make changes to this bug.