Let's make sure we're at the end of the password string before we apply a \0

and terminate it. This patch ensures passwords will be the correct length of 8,
which is what is implied in the source (but not reflected in the man page).

PR:		bin/7817
Reviewed by:	Alfred Perlstein <bright@hotjobs.com>
Submitted by:	Hiroshi Nishikawa <nis@pluto.dti.ne.jp>
This commit is contained in:
Bill Fumerola 1999-01-02 04:37:46 +00:00
parent a777e82019
commit 5d1711220c

View File

@ -26,7 +26,7 @@
#ifndef lint
static const char rcsid[] =
"$Id$";
"$Id: pw_user.c,v 1.23 1997/10/10 06:23:39 charnier Exp $";
#endif /* not lint */
#include <ctype.h>
@ -925,7 +925,7 @@ pw_password(struct userconf * cnf, struct cargs * args, char const * user)
l = (random() % 8 + 8); /* 8 - 16 chars */
pw_getrand(rndbuf, l);
for (i = 0; i < l; i++)
pwbuf[i] = chars[rndbuf[i] % sizeof(chars)];
pwbuf[i] = chars[rndbuf[i] % (sizeof(chars)-1)];
pwbuf[i] = '\0';
/*