From 57b8ac5e40ecbf38c5d992dfed243b736afa03a3 Mon Sep 17 00:00:00 2001 From: Alejandro Colomar Date: Wed, 22 Jan 2025 16:29:25 +0100 Subject: [PATCH] src/: Call passalloca() before a loop Calling passalloca() (which is a wrapper around alloca(3)) in a loop is dangerous, as it can trigger a stack overflow. Instead, allocate the buffer before the loop, and run getpass2() within the loop, which will reuse the buffer. Signed-off-by: Alejandro Colomar --- src/gpasswd.c | 8 +++++--- src/passwd.c | 7 +++++-- src/sulogin.c | 6 ++++-- 3 files changed, 14 insertions(+), 7 deletions(-) diff --git a/src/gpasswd.c b/src/gpasswd.c index 5b38b4f20..a8a227fe3 100644 --- a/src/gpasswd.c +++ b/src/gpasswd.c @@ -27,7 +27,8 @@ #include "exitcodes.h" #include "groupio.h" #include "nscd.h" -#include "pass/getpassa.h" +#include "pass/getpass2.h" +#include "pass/passalloca.h" #include "pass/passzero.h" #include "prototypes.h" #ifdef SHADOWGRP @@ -831,15 +832,16 @@ static void change_passwd (struct group *gr) */ printf (_("Changing the password for group %s\n"), group); + cp = passalloca(); for (retries = 0; retries < RETRIES; retries++) { - cp = getpassa(_("New Password: ")); + cp = getpass2(cp, _("New Password: ")); if (NULL == cp) { exit (1); } STRTCPY(pass, cp); passzero(cp); - cp = getpassa(_("Re-enter new password: ")); + cp = getpass2(cp, _("Re-enter new password: ")); if (NULL == cp) { MEMZERO(pass); exit (1); diff --git a/src/passwd.c b/src/passwd.c index 93203f74a..a44e2de35 100644 --- a/src/passwd.c +++ b/src/passwd.c @@ -25,7 +25,9 @@ #include "defines.h" #include "getdef.h" #include "nscd.h" +#include "pass/getpass2.h" #include "pass/getpassa.h" +#include "pass/passalloca.h" #include "pass/passzero.h" #include "prototypes.h" #include "pwauth.h" @@ -293,8 +295,9 @@ static int new_password (const struct passwd *pw) } } else { warned = false; + cp = passalloca(); for (i = getdef_num ("PASS_CHANGE_TRIES", 5); i > 0; i--) { - cp = getpassa(_("New password: ")); + cp = getpass2(cp, _("New password: ")); if (NULL == cp) { MEMZERO(orig); MEMZERO(pass); @@ -328,7 +331,7 @@ static int new_password (const struct passwd *pw) warned = true; continue; } - cp = getpassa(_("Re-enter new password: ")); + cp = getpass2(cp, _("Re-enter new password: ")); if (NULL == cp) { MEMZERO(orig); MEMZERO(pass); diff --git a/src/sulogin.c b/src/sulogin.c index 4f1a233bf..0384f4068 100644 --- a/src/sulogin.c +++ b/src/sulogin.c @@ -21,7 +21,8 @@ #include "attr.h" #include "defines.h" #include "getdef.h" -#include "pass/getpassa.h" +#include "pass/getpass2.h" +#include "pass/passalloca.h" #include "pass/passzero.h" #include "prototypes.h" #include "pwauth.h" @@ -129,6 +130,7 @@ main(int argc, char *argv[]) (void) signal (SIGALRM, catch_signals); /* exit if the timer expires */ (void) alarm (ALARM); /* only wait so long ... */ + pass = passalloca(); do { /* repeatedly get login/password pairs */ char *pass; const char *prompt; @@ -151,7 +153,7 @@ main(int argc, char *argv[]) "(or give root password for system maintenance):"); /* get a password for root */ - pass = getpassa(prompt); + pass = getpass2(pass, prompt); /* * XXX - can't enter single user mode if root password is