summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/man/sss_seed.8.xml12
-rw-r--r--src/tools/sss_seed.c9
2 files changed, 20 insertions, 1 deletions
diff --git a/src/man/sss_seed.8.xml b/src/man/sss_seed.8.xml
index e83b610b..39f8c026 100644
--- a/src/man/sss_seed.8.xml
+++ b/src/man/sss_seed.8.xml
@@ -159,6 +159,18 @@
</variablelist>
</refsect1>
+ <refsect1 id='notes'>
+ <title>NOTES</title>
+ <para>
+ The length of the password (or the size of file specified with -p
+ or --password-file option) must be less than or equal to PASS_MAX
+ bytes (64 bytes on systems with no globally-defined PASS_MAX value).
+ </para>
+ <para>
+ </para>
+ </refsect1>
+
+
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/seealso.xml" />
</refentry>
diff --git a/src/tools/sss_seed.c b/src/tools/sss_seed.c
index 9b8f69b1..9b1471d7 100644
--- a/src/tools/sss_seed.c
+++ b/src/tools/sss_seed.c
@@ -263,7 +263,7 @@ static int seed_password_input_file(TALLOC_CTX *mem_ctx,
}
errno = 0;
- len = sss_atomic_read_s(fd, buf, PASS_MAX);
+ len = sss_atomic_read_s(fd, buf, PASS_MAX + 1);
if (len == -1) {
ret = errno;
DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to read password from file "
@@ -274,6 +274,13 @@ static int seed_password_input_file(TALLOC_CTX *mem_ctx,
}
close(fd);
+
+ if (len > PASS_MAX) {
+ ERROR("Password file too big.\n");
+ ret = EINVAL;
+ goto done;
+ }
+
buf[len] = '\0';
/* Only the first line is valid (without '\n'). */