From f0f2ac9ee5a0b83806899cc3636941acb87bbccf Mon Sep 17 00:00:00 2001
From: Michal Zidek <mzidek@redhat.com>
Date: Tue, 2 Oct 2012 15:06:53 +0200
Subject: sss_seed: Passwords longer then PASS_MAX not allowed.

sss_seed fails if password file specified with -p or
--password-file option contains password longer than
PASS_MAX.

Man pages inform about PASS_MAX limitation.
---
 src/man/sss_seed.8.xml | 12 ++++++++++++
 src/tools/sss_seed.c   |  9 ++++++++-
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/src/man/sss_seed.8.xml b/src/man/sss_seed.8.xml
index e83b610b..39f8c026 100644
--- a/src/man/sss_seed.8.xml
+++ b/src/man/sss_seed.8.xml
@@ -159,6 +159,18 @@
         </variablelist>
     </refsect1>
 
+    <refsect1 id='notes'>
+        <title>NOTES</title>
+        <para>
+            The length of the password (or the size of file specified with -p
+            or --password-file option) must be less than or equal to PASS_MAX
+            bytes (64 bytes on systems with no globally-defined PASS_MAX value).
+        </para>
+        <para>
+        </para>
+    </refsect1>
+
+
     <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/seealso.xml" />
 
 </refentry>
diff --git a/src/tools/sss_seed.c b/src/tools/sss_seed.c
index 9b8f69b1..9b1471d7 100644
--- a/src/tools/sss_seed.c
+++ b/src/tools/sss_seed.c
@@ -263,7 +263,7 @@ static int seed_password_input_file(TALLOC_CTX *mem_ctx,
     }
 
     errno = 0;
-    len = sss_atomic_read_s(fd, buf, PASS_MAX);
+    len = sss_atomic_read_s(fd, buf, PASS_MAX + 1);
     if (len == -1) {
         ret = errno;
         DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to read password from file "
@@ -274,6 +274,13 @@ static int seed_password_input_file(TALLOC_CTX *mem_ctx,
     }
 
     close(fd);
+
+    if (len > PASS_MAX) {
+        ERROR("Password file too big.\n");
+        ret = EINVAL;
+        goto done;
+    }
+
     buf[len] = '\0';
 
     /* Only the first line is valid (without '\n'). */
-- 
cgit