Subject: bin/23167: login(1) skey prompt does not comply with RFC2289
To: None <gnats-bugs@gnats.netbsd.org>
From: None <khym@azeotrope.org>
List: netbsd-bugs
Date: 10/16/2003 00:18:08
>Number: 23167
>Category: bin
>Synopsis: login(1) s/key prompt does not comply with RFC2289
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Oct 16 05:19:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator: Dave Huang
>Release: NetBSD 1.6ZC
>Organization:
Name: Dave Huang | Mammal, mammal / their names are called /
INet: khym@azeotrope.org | they raise a paw / the bat, the cat /
FurryMUCK: Dahan | dolphin and dog / koala bear and hog -- TMBG
Dahan: Hani G Y+C 27 Y++ L+++ W- C++ T++ A+ E+ S++ V++ F- Q+++ P+ B+ PA+ PL++
>Environment:
System: NetBSD yerfable.azeotrope.org 1.6ZC NetBSD 1.6ZC (YERFABLE) #200: Sat Oct 4 00:54:49 CDT 2003 khym@yerfable.azeotrope.org:/usr2/obj.alpha/sys/arch/alpha/compile/YERFABLE alpha
Architecture: alpha
Machine: alpha
>Description:
The s/key prompt issued by login(1) looks like this:
Password [otp-md5 94 yerf08320]:
However, RFC2289 says that "...the entire challenge string MUST be
terminated with either a space or a new line."
See bin/14848 <http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=14848>
where ftpd was doing the same thing (ftpd has since been fixed and the
PR closed).
>How-To-Repeat:
Telnet to a system using s/key OTPs and log in.
>Fix:
Index: login.c
===================================================================
RCS file: /cvsroot/src/usr.bin/login/login.c,v
retrieving revision 1.74
diff -u -r1.74 login.c
--- login.c 2003/08/26 16:48:33 1.74
+++ login.c 2003/10/16 05:16:36
@@ -422,7 +422,7 @@
const char *skinfo = skey_keyinfo(username);
(void)snprintf(skprompt, sizeof(skprompt)-1,
- "Password [%s]:",
+ "Password [ %s ]:",
skinfo ? skinfo : "error getting challenge");
pwprompt = skprompt;
} else
>Release-Note:
>Audit-Trail:
>Unformatted: