From owner-freebsd-bugs Sat Oct 18 19:40:04 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id TAA17321 for bugs-outgoing; Sat, 18 Oct 1997 19:40:04 -0700 (PDT) (envelope-from owner-freebsd-bugs) Received: (from gnats@localhost) by hub.freebsd.org (8.8.7/8.8.7) id TAA17291; Sat, 18 Oct 1997 19:40:01 -0700 (PDT) (envelope-from gnats) Resent-Date: Sat, 18 Oct 1997 19:40:01 -0700 (PDT) Resent-Message-Id: <199710190240.TAA17291@hub.freebsd.org> Resent-From: gnats (GNATS Management) Resent-To: freebsd-bugs Resent-Reply-To: FreeBSD-gnats@FreeBSD.ORG, mishania@demos.su Received: from pappnase.demos.su (pappnase.dol.ru [194.87.5.66]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id TAA16938 for ; Sat, 18 Oct 1997 19:31:35 -0700 (PDT) (envelope-from mishania@pappnase.demos.su) Received: (from root@localhost) by pappnase.demos.su (8.8.7/8.8.5) id GAA09817; Sun, 19 Oct 1997 06:30:16 +0400 (MSD) Message-Id: <199710190230.GAA09817@pappnase.demos.su> Date: Sun, 19 Oct 1997 06:30:16 +0400 (MSD) From: mishania@demos.su Reply-To: mishania@demos.su To: FreeBSD-gnats-submit@FreeBSD.ORG X-Send-Pr-Version: 3.2 Subject: bin/4801: login.c mistake/typo? in 3.0-CURRENT Sender: owner-freebsd-bugs@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk >Number: 4801 >Category: bin >Synopsis: critical mistake in login.c's code. >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-bugs >State: open >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Oct 18 19:40:00 PDT 1997 >Last-Modified: >Originator: Mikhail A. Sokolov >Organization: Demos Company, Ltd. >Release: FreeBSD 3.0-CURRENT i386 >Environment: FreeBSD 3.0-current. >Description: Original code of login.c, line 555 has a mistake, which leads to having passwords always expired, if you don't use LOGIN_CAP >: #define DEFAULT_WARN (2L * 7L & 86400L) /* Two weeks */ :> ^^!! :>here's the mistake - this operation gives null DEFAULT_WARN #ifdef LOGIN_CAP warntime = login_getcaptime(lc, "warnpassword", DEFAULT_WARN, DEFAULT_WARN); #else warntime = DEFAULT_WARN; :> i.e. if you don't use LOGIN_CAP, warntime == NULL. #endif changepass=0; if (pwd->pw_change) { if (tp.tv_sec >= pwd->pw_change) { (void)printf("Sorry -- your password has expired.\n"); changepass=1; syslog(LOG_INFO, "%s Password expired - forcing change", pwd->pw_name); } else if (pwd->pw_change - tp.tv_sec < warntime && !quietlog) :> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ :> this is always true, since warntime = NULL. (void)printf("Warning: your password expires on %s", ctime(&pwd->pw_change)); >How-To-Repeat: >Fix: line 555 of login.c should read : #define DEFAULT_WARN (2L * 7L * 86400L) /* Two weeks */ >Audit-Trail: >Unformatted: