Bug 4068 - ypserv- (update.c:233) cannot change password
ypserv- (update.c:233) cannot change password
Product: Red Hat Raw Hide
Classification: Retired
Component: ypserv (Show other bugs)
i386 Linux
high Severity high
: ---
: ---
Assigned To: Cristian Gafton
Depends On:
  Show dependency treegraph
Reported: 1999-07-16 04:04 EDT by Wesley Tanaka
Modified: 2008-05-01 11:37 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 1999-07-20 17:03:36 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Wesley Tanaka 1999-07-16 04:04:04 EDT
I see a few problems with the source code at this point.

Line 231: sizeof (rootpass) on my computer is 4.  This is
always going to be less than strlen(pw->pw_passwd)  So this
if statement is redundant.  I think this was perhaps meant
to say strlen (rootpass)

However: rootpass is uninitialized if !HAVE_GETSPNAM &&
CHECKROOT  so strlen would not work.

Also: even if strlen(pw->pw_passwd) >= sizeof (rootpass) &&
strlen(pw->pw_passwd) >= strlen (rootpass), the code then
goes on to replace rootpass with enough space to complete
the strcpy unconditionally

P.S. there is no check to see whether or not the alloca
(line 236) has failed.

Could CHECKROOT be turned off in the binary rpm until this
problem is somehow otherwise resolved?
Comment 1 Wesley Tanaka 1999-07-16 04:21:59 EDT
ypserv- would segfault with yp-tools-2.2-1 (after
sucessfully changing the password).  However, it seems to work with

This problem that I was experiencing was happening in combination with
Comment 2 Wesley Tanaka 1999-07-16 04:57:59 EDT
Thorsten Kukuk <kukuk@suse.de> wrote me back and said that, indeed,
removing that bizarre if statement was the correct patch.  1.3.36
(which is newer than has this fix incorporated.
Comment 3 Wesley Tanaka 1999-07-16 05:38:59 EDT
i misunderstood mr kukuk.  1.3.36 is the latest stable released
version, not the latest version. is indeed the latest
version, and I guess he has that patch applied in some local
sourcetree of his:

  "No, it is fixed in my sourcetree. I only need patches
for the other things in the TODO file."
Comment 4 Jeff Johnson 1999-07-20 17:03:59 EDT
I believe this problem is fixed in ypserv- Please reopen
this bug if I'm mistaken.

Note You need to log in before you can comment on or make changes to this bug.