Date: Wed, 24 May 1995 00:16:36 -0700 From: Paul Traina <pst@shockwave.com> To: "Rodney W. Grimes" <rgrimes@gndrsh.aac.dev.com> Cc: asami@freefall.cdrom.com (Satoshi Asami), CVS-commiters@freefall.cdrom.com, cvs-ports@freefall.cdrom.com Subject: Re: cvs commit: ports/mail/popper/patches patch-ac Message-ID: <199505240716.AAA00425@precipice.shockwave.com> In-Reply-To: Your message of "Wed, 24 May 1995 00:08:53 PDT." <199505240708.AAA08617@gndrsh.aac.dev.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Absolutely... I thought I already submitted a patch for this that
got rid of the check entirely. The check is totally unnecessary.
From: "Rodney W. Grimes" <rgrimes@gndrsh.aac.dev.com>
Subject: Re: cvs commit: ports/mail/popper/patches patch-ac
>
> asami 95/05/23 22:35:48
>
> Added: mail/popper/patches patch-ac
> Log:
> Make popper work for both DES and MD4 passwords. Basically, just
> change one of the error checks from "strlen(.) != 13" to "strlen(.) !=
> 13 && strlen(.) != 34".
>
> Submitted by: Martin Renters <martin@victor.innovus.com>
Code that knows about the length of the password entry in a system
should be considered extremly non portable at best, and a violation
of data abstraction at worst.
The man page for getpwent says:
char *pw_passwd; /* encrypted password */
No place in any of the manual pages will you find that the string
length of the password string is either 13 or 34 bytes, Poul and I
dug all over for this very thing when he wanted to do the MD5 password
before it was ever done to make sure we would not be breaking a
documented interface.
Popper should treat this as a null terminated string of unknown length!
--
Rod Grimes rgrimes@gndrsh.aac.dev.com
Accurate Automation Company Custom computers for FreeBSD
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199505240716.AAA00425>