Let's make sure we're at the end of the password string before we apply a \0
and terminate it. This patch ensures passwords will be the correct length of 8, which is what is implied in the source (but not reflected in the man page). PR: bin/7817 Reviewed by: Alfred Perlstein <bright@hotjobs.com> Submitted by: Hiroshi Nishikawa <nis@pluto.dti.ne.jp>
This commit is contained in:
parent
a777e82019
commit
5d1711220c
@ -26,7 +26,7 @@
|
||||
|
||||
#ifndef lint
|
||||
static const char rcsid[] =
|
||||
"$Id$";
|
||||
"$Id: pw_user.c,v 1.23 1997/10/10 06:23:39 charnier Exp $";
|
||||
#endif /* not lint */
|
||||
|
||||
#include <ctype.h>
|
||||
@ -925,7 +925,7 @@ pw_password(struct userconf * cnf, struct cargs * args, char const * user)
|
||||
l = (random() % 8 + 8); /* 8 - 16 chars */
|
||||
pw_getrand(rndbuf, l);
|
||||
for (i = 0; i < l; i++)
|
||||
pwbuf[i] = chars[rndbuf[i] % sizeof(chars)];
|
||||
pwbuf[i] = chars[rndbuf[i] % (sizeof(chars)-1)];
|
||||
pwbuf[i] = '\0';
|
||||
|
||||
/*
|
||||
|
Loading…
Reference in New Issue
Block a user