From f0f2ac9ee5a0b83806899cc3636941acb87bbccf Mon Sep 17 00:00:00 2001 From: Michal Zidek Date: Tue, 2 Oct 2012 15:06:53 +0200 Subject: sss_seed: Passwords longer then PASS_MAX not allowed. sss_seed fails if password file specified with -p or --password-file option contains password longer than PASS_MAX. Man pages inform about PASS_MAX limitation. --- src/man/sss_seed.8.xml | 12 ++++++++++++ src/tools/sss_seed.c | 9 ++++++++- 2 files changed, 20 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/man/sss_seed.8.xml b/src/man/sss_seed.8.xml index e83b610b..39f8c026 100644 --- a/src/man/sss_seed.8.xml +++ b/src/man/sss_seed.8.xml @@ -159,6 +159,18 @@ + + NOTES + + The length of the password (or the size of file specified with -p + or --password-file option) must be less than or equal to PASS_MAX + bytes (64 bytes on systems with no globally-defined PASS_MAX value). + + + + + + diff --git a/src/tools/sss_seed.c b/src/tools/sss_seed.c index 9b8f69b1..9b1471d7 100644 --- a/src/tools/sss_seed.c +++ b/src/tools/sss_seed.c @@ -263,7 +263,7 @@ static int seed_password_input_file(TALLOC_CTX *mem_ctx, } errno = 0; - len = sss_atomic_read_s(fd, buf, PASS_MAX); + len = sss_atomic_read_s(fd, buf, PASS_MAX + 1); if (len == -1) { ret = errno; DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to read password from file " @@ -274,6 +274,13 @@ static int seed_password_input_file(TALLOC_CTX *mem_ctx, } close(fd); + + if (len > PASS_MAX) { + ERROR("Password file too big.\n"); + ret = EINVAL; + goto done; + } + buf[len] = '\0'; /* Only the first line is valid (without '\n'). */ -- cgit