I just spoke with Alec Muffett, the author of cracklib and he pointed me to the new version (2.6) on his homepage: http://www.users.dircon.co.uk/~crypto/. I still see a lot of strcpy's, but that particular one is no longer a problem, and I havn't had the time to check the whole thing out thoroughly. CERT is supposed to be releasing and advisory about it soon... Rick On Sun, 14 Dec 1997, Jon Lewis wrote: > While looking at compiling the latest shadow utils with cracklib support, > I was kind of surprised when gcc complained about things like: > > fascist.c:220: warning: passing arg 2 of `strcpy' makes pointer from > integer without a cast > > strcpy in security software...hmm....so I took a look at fascist.c and was > pretty surprised to find: > > char gbuffer[STRINGSIZE]; > ... > strcpy(gbuffer, Lowercase(pwp->pw_gecos)); > > STRINGSIZE is defined in cracklib/packer.h:#define STRINGSIZE 256 > > So...to test this, I used chfn on a Red Hat 4.2 system to set my full-name > to a string of about 300+ chars, and tried to change my passwd. > > $ chfn > Changing finger information for jlewis. > Password: > Name [hmm]: > 11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111 > Office []: > Office Phone []: > Home Phone []: > > Finger information changed. > $ passwd > Changing password for jlewis > (current) UNIX password: > New UNIX password: > Segmentation fault > $ > > I took a look at Aleph One's Smashing the Stack paper, but got nowhere > since chfn (at least on RH 4.2) won't let me have control characters in > the gecos field. Still, shouldn't cracklib be fixed? I'm not installing > it without some sprintf->snprintf mods. 
> > ------------------------------------------------------------------ > Jon Lewis <jlewisat_private> | Unsolicited commercial e-mail will > Network Administrator | be proof-read for $199/message. > Florida Digital Turnpike | > ______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____ > ========================================================================= Rick Byers Internet Access Worldwide rickbat_private System Admin University of Waterloo, Computer Science (905)714-1400 http://www.iaw.on.ca/rickb/ http://www.iaw.on.ca/
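The unbounded copy quoted in the thread, next to a length-checked replacement, as an added example that is not part of either message and not cracklib's own code. The helper names `lower_copy`, `gecos_usable` and `fill_ones` are hypothetical; only `STRINGSIZE` and the quoted `strcpy` line come from the post.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define STRINGSIZE 256   /* value the post quotes from cracklib/packer.h */

/* Pattern from the post, kept as a comment because it writes past the end
 * of gbuffer when the gecos field is longer than STRINGSIZE - 1 bytes:
 *
 *     char gbuffer[STRINGSIZE];
 *     strcpy(gbuffer, Lowercase(pwp->pw_gecos));
 */

/* Hypothetical helper (not a cracklib function): lowercase src into dst,
 * writing at most dstsize bytes including the terminator. Returns 0 on
 * success, -1 if an argument is unusable or the input did not fit. */
int lower_copy(char *dst, size_t dstsize, const char *src)
{
    size_t i;

    if (dst == NULL || dstsize == 0)
        return -1;
    if (src == NULL) {
        dst[0] = '\0';
        return -1;
    }
    for (i = 0; i + 1 < dstsize && src[i] != '\0'; i++)
        dst[i] = (char)tolower((unsigned char)src[i]);
    dst[i] = '\0';                   /* always terminated */
    return src[i] == '\0' ? 0 : -1;  /* leftover input means truncation */
}

/* Hypothetical caller: 1 if the gecos field fits and can be used in the
 * password check, 0 if it is over-long and must be skipped. */
int gecos_usable(const char *gecos)
{
    char gbuffer[STRINGSIZE];
    return lower_copy(gbuffer, sizeof gbuffer, gecos) == 0;
}

/* Constructed sample input: n '1' characters, like the 300+ character
 * full name set with chfn in the post. Returns the length written. */
size_t fill_ones(char *buf, size_t bufsize, size_t n)
{
    if (bufsize == 0) return 0;
    if (n >= bufsize) n = bufsize - 1;
    memset(buf, '1', n);
    buf[n] = '\0';
    return n;
}
```

Rejecting the over-long field, rather than silently truncating it, keeps the caller from comparing a password against a partial gecos string without knowing it.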
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:36:06 PDT