Message-ID: <20040228145434.2e60b8cd.timothy.demulder@tiscali.be>
From: timothy.demulder at tiscali.be (Timothy Demulder)
Subject: LOL, stupid calife maintainer - this can't be true

On Sat, 28 Feb 2004 14:18:20 +0100
"DownBload / Illegal Instruction Labs" <downbload@...mail.com> wrote:

> This can't be true...
...
> Vulnerable code ("glibc problem" ;-) ->
> /root/calife-2.8.4c/db.c
> ------------------------
> ...
> char got_pass = 0;
> char * pt_pass, * pt_enc,
> * user_pass, * enc_pass, salt [10];
>
> user_pass = (char *) xalloc (l_size);
> enc_pass = (char *) xalloc (l_size);
> ...
> for ( i = 0; i < 3; i ++ )
> {
>     pt_pass = (char *) getpass ("Password:");
>     memset (user_pass, '\0', l_size);
>     strcpy (user_pass, pt_pass); // <- BAD CODE
>     pt_enc = (char *) crypt (user_pass, calife->pw_passwd);
>     memset (enc_pass, '\0', l_size);
>     strcpy (enc_pass, pt_enc);
> }
> ...
> free (user_pass); // <- FUN CODE ;-)
> free (enc_pass); // <- FUN CODE ;-)
> ...

It's just plain sad, there should be capital punishment for people who code like this.
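The bounded copy that the quoted db.c loop lacks, as an added example (not part of the original post and not calife's code). L_SIZE stands in for l_size, whose value the post does not show, and copy_bounded, wipe and store_attempt are hypothetical names.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for l_size; the post does not show its real value. */
#define L_SIZE 16

/* Hypothetical helper: copy src into dst only if it fits, NUL included.
 * Returns 0 on success, -1 (dst left empty) when src is too long. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    const char *end;

    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    /* Look for the terminator within the first dst_size bytes only. */
    end = memchr(src, '\0', dst_size);
    if (end == NULL) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Hypothetical helper: zero a buffer through a volatile pointer so the
 * store is not optimised away before free(). */
void wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--)
        *v++ = 0;
}

/* Hypothetical stand-in for one pass of the quoted loop: the typed
 * password goes into a fixed-size heap buffer, and an over-long input is
 * rejected instead of being written past the end of the allocation. */
int store_attempt(const char *typed)
{
    char *user_pass = calloc(1, L_SIZE);
    int rc;

    if (user_pass == NULL)
        return -1;
    rc = copy_bounded(user_pass, L_SIZE, typed);
    wipe(user_pass, L_SIZE);
    free(user_pass);
    return rc;
}
```

The same copy_bounded call applies to the second strcpy in the quoted loop, where the crypt() result is copied into enc_pass.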