Buffer overflow waiting to happen.
> /* Truncate passwd at eight characters on general principles.*/
> passwd[8] = 0;
Wrong. MD5 passwords can be significant to a lot more than 8 chars.
> argv++;
> sprintf(salt,"%s",*argv);
Another buffer overflow waiting to happen.
> /* Truncate salt at two characters, ditto. */
> salt[2] = 0;
Wrong. MD5 salt is longer than 2 chars.
> s=crypt(passwd,salt);
> printf("%s\n",s);
> exit(0);
> }
People, don't truncate things before passing them to crypt. It knows more
than you do about the right lengths of passwords and salt.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
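An added example, not part of the original message or the quoted program: a C sketch of the handling the reply asks for, with the caller's strings passed to a crypt(3)-style function unmodified and the result checked. The names `hash_password`, `truncate_like_original`, `length_probe` and the `USE_LIBCRYPT` build switch are assumptions made for this illustration, as is the availability of `<crypt.h>` and `-lcrypt` on the build host.

```c
#include <stdio.h>
#include <string.h>

/* Same shape as crypt(3): (key, setting) -> result string, or NULL. */
typedef char *(*crypt_fn)(const char *key, const char *setting);

/* What the quoted code does to its inputs, minus the overflow: copy with a
 * bound, then cut at a fixed length. Returns the length that survives. */
size_t truncate_like_original(char *dst, size_t dstsz, const char *src, size_t keep)
{
    if (dstsz == 0)
        return 0;
    snprintf(dst, dstsz, "%s", src);   /* bounded, unlike sprintf() */
    if (keep < dstsz)
        dst[keep] = '\0';              /* the fixed-length cut */
    return strlen(dst);
}

/* Constructed stand-in hasher: reports the lengths it was handed, so the
 * hand-off can be checked on a host without libcrypt. */
char *length_probe(const char *key, const char *setting)
{
    static char out[48];
    snprintf(out, sizeof out, "%zu:%zu", strlen(key), strlen(setting));
    return out;
}

/* Corrected handling: no fixed buffers, no truncation, result checked. */
const char *hash_password(crypt_fn hasher, const char *passwd, const char *salt)
{
    const char *s;
    if (hasher == NULL || passwd == NULL || salt == NULL)
        return NULL;                   /* missing argument */
    s = hasher(passwd, salt);          /* the hasher decides what is significant */
    /* Assumption: some libcrypt builds signal failure with a "*..." token. */
    return (s == NULL || s[0] == '*') ? NULL : s;
}

#ifdef USE_LIBCRYPT  /* build the tool: cc -DUSE_LIBCRYPT file.c -lcrypt */
#include <crypt.h>
int main(int argc, char **argv)
{
    const char *s = (argc == 3) ? hash_password(crypt, argv[1], argv[2]) : NULL;
    if (s == NULL) {
        fprintf(stderr, "usage: %s password salt (or crypt failed)\n", argv[0]);
        return 1;
    }
    printf("%s\n", s);
    return 0;
}
#endif
```

After the eight-character cut, two different long passwords reach the hasher as the same string, and a `$1$...` salt cut at two characters is left as `$1`.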