Subject: bin/30483: skeyinit re-uses non-compliant seeds
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: None <eravin@panix.com>
List: netbsd-bugs
Date: 06/09/2005 17:33:00
>Number: 30483
>Category: bin
>Synopsis: skeyinit re-uses non-compliant seeds
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Jun 09 17:33:00 +0000 2005
>Originator: Ed Ravin
>Release: 2.0
>Organization:
PANIX
>Environment:
NetBSD panix5.panix.com 2.0 NetBSD 2.0 (PANIX-USER) #3: Thu Jan 13 20:20:38 EST 2005 root@trinity.nyc.access.net:/devel/netbsd/2.0/src/sys/arch/i386/compile/PANIX-USER i386
>Description:
If a user's seed in /etc/skeykeys contains a hyphen or other non-alphanumeric character, and it ends in a numeric character, when the user runs skeyinit to reset their account, they are offered the same seed with the last digit incremented. The code in skeyinit.c does not
check for non-compliant (i.e. non-alphanumeric) characters in the seed if the default seed is
re-used (i.e. user just hits enter to select default seed).
>How-To-Repeat:
Add an entry like this to /etc/skeykeys
bozo 0023 bad-69786 0123456789abcdef Jun 09,2005 13:23:06
Run "skeyinit -s". Accept the default seed.
The default seed is used, still with the hyphen. Note that if you try to type in
your own seed with a hyphen, it won't be permitted.
>Fix:
Totally untested patch:
--- skeyinit.c 2004-01-05 18:23:37.000000000 -0500
+++ /tmp/skeyinit.c 2005-06-09 13:30:34.000000000 -0400
@@ -221,6 +221,8 @@
fflush(stdout);
fgets(seed, sizeof(seed), stdin);
rip(seed);
+ if (seed[0] == '\0')
+ (void)strlcpy(seed, defaultseed, sizeof(seed));
for (p = seed; *p; p++) {
if (isalpha(*p)) {
if (isupper(*p))
@@ -237,8 +239,6 @@
printf("Notice: Seed truncated to %d characters.\n", SKEY_MAX_SEED_LEN);
seed[SKEY_MAX_SEED_LEN] = '\0';
}
- if (seed[0] == '\0')
- (void)strlcpy(seed, defaultseed, sizeof(seed));
for (i = 0;; i++) {
if (i >= 2)