+++ This bug was initially created as a clone of Bug #120060 +++ From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.4.2) Gecko/20040308 Description of problem: During a code review, I found several issues with the programs in the passwd rpm. Notibly, the passwd program has an off by 1 in the case of --stdin. buffer is 80, len passed to read is 79, location 78 is 0'ed. This is more noticeable if you imagine i == 1 after read. Also, if read returns an error, the program continues as if nothing bad happened and tries to zero buffer[-2]; Also, pam_start was not being checked for its return code. Various minor memory leaks. Version-Release number of selected component (if applicable): passwd-0.68 How reproducible: Always Steps to Reproduce: Found during code review. Additional info: I will attach a patch that fixes these. I did not look at prior versions to see if these issues exist. Please see the parent bug for a patch.
This issue also affects RHEL2.1
These issues are fixed in RHEL4 and aren't worth/safe fixing in RHEL3/2.1.