[BUG SUB] handling of realname, key pair generating - silc-client
nh
nhwith at bonbon.net
Tue Jul 25 02:16:06 CEST 2006
Software: silc-client
Version: silc-client-1.0.3
Operating System: linux, maybe other systems also
Installation: source
Severity: non-critical
Description:
for example on debian when you use adduser utility and let some fields empty (eg \'Full Name\')
--
svab:x:1005:1005:,,,:/crypted/svab:/bin/bash
such record can be generated
--
piece of code from lib/silcutil/unix/silcunixutil.c:
if (strchr(pw->pw_gecos, \',\'))
*strchr(pw->pw_gecos, \',\') = 0;
realname = strdup(pw->pw_gecos);
return realname;
in case of our passwd record, pointer to memory where is only \'\\0\' is returned, this makes real mess when key pair is being generated (eg first silc run), and result is that key pair is unusable so user cant run silc at all (cant get over passphrase check), there are no error messages (even in process of key pair generating), nothing, just password isnt accepted (as it would be invalid)
--
in my opinion this may affect many other systems/distributions
of course one may say that there should be realname filled for every user on every system but you know :>
How to repeat:
svab:x:1005:1005:,,,:/crypted/svab:/bin/bash
Remote Environment:
unspecified
Fix:
--- silcunixutil_old.c 2006-07-25 02:11:28.590729600 +0200
+++ silcunixutil_new.c 2006-07-25 02:11:48.000000000 +0200
@@ -165,6 +165,9 @@
if (strchr(pw->pw_gecos, \',\'))
*strchr(pw->pw_gecos, \',\') = 0;
+ if (!strlen(pw->pw_gecos))
+ return strdup(\"Foo T. Bar\");
+
realname = strdup(pw->pw_gecos);
return realname;
More information about the silc-devel
mailing list