Date:      Mon, 7 Apr 1997 23:01:18 -0400 (EDT)
From:      Drew Derbyshire <ahd@kew.com>
To:        FreeBSD-gnats-submit@freebsd.org, ahd@dumbo.hh.kew.com
Subject:   misc/3224: uucpd.c fails because of inverted expiration check
Message-ID:  <199704080301.XAA14094@dumbo.hh.kew.com>
Resent-Message-ID: <199704080310.UAA11754@freefall.freebsd.org>


>Number:         3224
>Category:       misc
>Synopsis:       uucpd.c 1.11 account expiration check
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Apr  7 20:10:01 PDT 1997
>Last-Modified:
>Originator:     Drew Derbyshire
>Organization:
Kendra Electronic Wonderworks, Stoneham MA
>Release:        FreeBSD 2.2-RELEASE i386 (uucpd.c 1.11 from 3.0 sources)
>Environment:

	uucpd.c 1.11 from 3.0-CURRENT source tree on 2.1-RELEASE

>Description:

	The account expiration check modified in uucpd.c 1.10 is
	inverted; the previous version failed the login if the 
	account was expired; the new version inverts the if statement
	meaning (the login is passed), but the actual if logic still 
	looks for an expired account.

>How-To-Repeat:

	Attempt login via port 540 (uucpd) with a valid account; it
	fails.  An expired account will succeed.

>Fix:
	

*** uucpd.c	1997/04/01 20:39:59	1.11
--- uucpd.c	1997/04/06 03:52:14	1.12
***************
*** 33,39 ****
   * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   *
!  *	$Id: uucpd.c,v 1.11 1997/04/01 20:39:59 joerg Exp $
   */
  
  #ifndef lint
--- 33,39 ----
   * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   *
!  *	$Id: uucpd.c,v 1.12 1997/04/06 03:52:14 ahd Exp $
   */
  
  #ifndef lint
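
Review bot: The $Id line in the header comment should not be part of the submitted fix. It is an RCS keyword string that is rewritten at check-in, and here it is hand-advanced to "1.12 1997/04/06 03:52:14 ahd"; if the tree's copy carries any other $Id text the hunk will not apply, and the committed revision will get its own value anyway. Drop this hunk and send only the change at line 163.
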
***************
*** 163,170 ****
  	 * 3. Account has expired
  	 * 4. Password is incorrect
  	 */
! 	if (pw != NULL && strcmp(pw->pw_shell, _PATH_UUCICO) == 0 &&
! 	    pw->pw_expire && time(NULL) >= pw->pw_expire)
  		pwdok = 1;
  	/* always ask for passwords to deter account guessing */
  	if (!pwdok || (pw->pw_passwd && *pw->pw_passwd != '\0')) {
--- 163,171 ----
  	 * 3. Account has expired
  	 * 4. Password is incorrect
  	 */
! 	if ((pw != NULL) &&
! 	    (strcmp(pw->pw_shell, _PATH_UUCICO) == 0) &&
! 	    (!pw->pw_expire || (time(NULL) <= pw->pw_expire)))
  		pwdok = 1;
  	/* always ask for passwords to deter account guessing */
  	if (!pwdok || (pw->pw_passwd && *pw->pw_passwd != '\0')) {
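
Review bot: The boundary in the new expiry term, (time(NULL) <= pw->pw_expire), is not the exact negation of the old expired test, time(NULL) >= pw->pw_expire. In the second where time(NULL) equals pw_expire the 1.11 expression counts the account as expired, while the new one counts it as valid. If expiry is meant to take effect at pw_expire, use time(NULL) < pw->pw_expire. The comment block above the test still lists only "3. Account has expired"; a few words there saying that a zero pw_expire is treated as never expiring would document the !pw->pw_expire term and make the intended sense of the condition harder to invert again.
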
>Audit-Trail:
>Unformatted:


