Date: Sun, 19 Oct 1997 06:30:16 +0400 (MSD) From: mishania@demos.su To: FreeBSD-gnats-submit@FreeBSD.ORG Subject: bin/4801: login.c mistake/typo? in 3.0-CURRENT Message-ID: <199710190230.GAA09817@pappnase.demos.su> Resent-Message-ID: <199710190240.TAA17291@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 4801 >Category: bin >Synopsis: critical mistake in login.c's code. >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-bugs >State: open >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Oct 18 19:40:00 PDT 1997 >Last-Modified: >Originator: Mikhail A. Sokolov >Organization: Demos Company, Ltd. >Release: FreeBSD 3.0-CURRENT i386 >Environment: FreeBSD 3.0-current. >Description: Original code of login.c, line 555 has a mistake, which leads to having passwords always expired, if you don't use LOGIN_CAP <comments start with :>>: #define DEFAULT_WARN (2L * 7L & 86400L) /* Two weeks */ :> ^^!! :>here's the mistake - this operation gives null DEFAULT_WARN #ifdef LOGIN_CAP warntime = login_getcaptime(lc, "warnpassword", DEFAULT_WARN, DEFAULT_WARN); #else warntime = DEFAULT_WARN; :> i.e. if you don't use LOGIN_CAP, warntime == NULL. #endif changepass=0; if (pwd->pw_change) { if (tp.tv_sec >= pwd->pw_change) { (void)printf("Sorry -- your password has expired.\n"); changepass=1; syslog(LOG_INFO, "%s Password expired - forcing change", pwd->pw_name); } else if (pwd->pw_change - tp.tv_sec < warntime && !quietlog) :> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ :> this is always true, since warntime = NULL. (void)printf("Warning: your password expires on %s", ctime(&pwd->pw_change)); >How-To-Repeat: >Fix: line 555 of login.c should read : #define DEFAULT_WARN (2L * 7L * 86400L) /* Two weeks */ >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199710190230.GAA09817>