From ab5f8d28a4019d7be8fa2a93391245da08b01d1b Mon Sep 17 00:00:00 2001
From: Garrett Wollman
Date: Tue, 20 Sep 1994 21:40:12 +0000
Subject: [PATCH] Fix security hole in YP password support, which wouldmake +user entries act like + entries in some cases. Requires support in libc from next commit.
---
 usr.sbin/pwd_mkdb/pwd_mkdb.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/usr.sbin/pwd_mkdb/pwd_mkdb.c b/usr.sbin/pwd_mkdb/pwd_mkdb.c
index 19d782885cd9..9c1ecc7f98fc 100644
--- a/usr.sbin/pwd_mkdb/pwd_mkdb.c
+++ b/usr.sbin/pwd_mkdb/pwd_mkdb.c
@@ -178,7 +178,13 @@ main(argc, argv)
 data.data = (u_char *)buf;
 key.data = (u_char *)tbuf;
 for (cnt = 1; scan(fp, &pwd); ++cnt) {
- if(pwd.pw_name[0] == '+') yp_enabled = 1;
+ if(pwd.pw_name[0] == '+') {
+ if(pwd.pw_name[1] && !yp_enabled) {
+ yp_enabled = 1;
+ } else if(!pwd.pw_name[1]) {
+ yp_enabled = -1;
+ }
+ }
 #define COMPACT(e) t = e; while (*p++ = *t++);
 /* Create insecure data. */
 p = buf;
@@ -230,6 +236,8 @@ main(argc, argv)
 }
 /* If YP enabled, set flag. */
 if(yp_enabled) {
+ buf[0] = yp_enabled + 2;
+ data.size = 1;
 tbuf[0] = _PW_KEYYPENABLED;
 key.size = 1;
 if ((dp->put)(dp, &key, &data, R_NOOVERWRITE) == -1)
@@ -295,12 +303,13 @@ main(argc, argv)
 if ((dp->put)(edp, &key, &data, R_NOOVERWRITE) == -1)
 error("put");
 }
-
 /* If YP enabled, set flag. */
 if(yp_enabled) {
+ buf[0] = yp_enabled + 2;
+ data.size = 1;
 tbuf[0] = _PW_KEYYPENABLED;
 key.size = 1;
- if ((dp->put)(edp, &key, &data, R_NOOVERWRITE) == -1)
+ if ((dp->put)(dp, &key, &data, R_NOOVERWRITE) == -1)
 error("put");
 }
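Review bot: In the first hunk (`@@ -178,7 +178,13 @@`) `yp_enabled` turns from a boolean into a three-state value with no comment saying what 0, 1 and -1 mean, and the second and third hunks then store it as `buf[0] = yp_enabled + 2`, so the record bytes 3 and 1 become an unnamed contract with the libc reader the commit message refers to. Since confusing these states is exactly the hole being closed (a `+user` entry treated like a bare `+`), I would put this above the loop: `/* yp_enabled: 0 = no '+' entries; 1 = only "+name" entries seen; -1 = a bare "+" was seen (sticky). Stored as yp_enabled + 2. */`. Named constants shared with libc would be safer than the `+ 2` arithmetic repeated in two places. The `for` loop body continues past the end of this hunk.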
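Review bot: In the third hunk (`@@ -295,12 +303,13 @@`) the new call passes `dp` as the handle where the removed line passed `edp`, while the context `put` a few lines above it still writes to `edp`. The second hunk already stores `_PW_KEYYPENABLED` in `dp` with `R_NOOVERWRITE`, so this second `put` on `dp` should find the key present and return 1 rather than -1, meaning no error is reported and the database behind `edp` gets no YP flag record at all. If the flag is meant to exist in both databases, the line should remain `if ((dp->put)(edp, &key, &data, R_NOOVERWRITE) == -1)`. The libc side is not visible here, so whether lookups against the `edp` database rely on this record needs confirming before merging. The enclosing block of `main()` starts outside the hunk.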