gnats-prs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

gnats/395: gnats-pwconv


From: pmt
Subject: gnats/395: gnats-pwconv
Date: Wed, 26 Jun 2002 11:06:42 -0400

>Number:         395
>Category:       gnats
>Synopsis:       gnats-pwconv
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    unassigned
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Jun 26 11:06:42 -0400 2002
>Originator:     Pascal Meyrat
>Release:        gnats 4.0 beta 1
>Organization:

>Environment:
PC, Linux SuSE 7.3
>Description:
By converting gnats3 passwords to crypted passwords, "gnats-conv" returns: 
"salt" and "crypt() function return value". The crypt() function returns 13 
printable characters and the first 2 characters already represent the "salt". 
So we have the salt twice. Therefore there will be a problem by checking 
passwords.
>How-To-Repeat:

>Fix:
In gnats-pwconv.c, change "result=asprintf(newpwentry, 
"%s%s",salt,crypt(clearpwstring,salt));" to "result=asprintf(newpwentry, 
"%s",crypt(clearpwstring,salt));"
>Unformatted:
 



reply via email to

[Prev in Thread] Current Thread [Next in Thread]