[Pkg-shadow-devel] Bug#677275: passwd: RAND_MAX is for rand() only, and on some systems random() can exceed RAND_MAX
Igor Pashev
pashev.igor at gmail.com
Tue Jun 12 20:15:53 UTC 2012
Package: passwd
Version: 1:4.1.5.1-1
Severity: wishlist
Dear Maintainer,
Function SHA_salt_size() in file libmisc/salt.c uses random() to get a random
number and divides it by RAND_MAX.
This is incorrect.
The RAND_MAX macro is designed for the C standard function rand() (the value of the
RAND_MAX macro shall be at least 32767) [1].
But random() returns numbers in the range from 0 to 2^31-1 [2].
So, random()/RAND_MAX could result in a value > 1.
I propose to replace RAND_MAX with LONG_MAX.
[1] http://pubs.opengroup.org/onlinepubs/009695399/functions/rand.html
[2] http://pubs.opengroup.org/onlinepubs/7908799/xsh/initstate.html
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages passwd depends on:
ii debianutils 4.3.1
ii libc6 2.13-33
ii libpam-modules 1.1.3-7.1
ii libpam0g 1.1.3-7.1
ii libselinux1 2.1.9-2
ii libsemanage1 2.1.6-2
passwd recommends no packages.
passwd suggests no packages.
-- no debconf information
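
The scaling pattern the report describes, as an added example (not code from the report or from libmisc/salt.c): it feeds the largest value random() may return through the division with three different divisors. The 8..16 length bounds, the names, and the SMALL_RAND_MAX value of 32767 (the minimum the standard permits) are assumptions chosen for illustration.

```c
#include <limits.h>
#include <stdio.h>

/* Largest value random() may return per its specification: 2^31 - 1. */
#define RANDOM_MAX 2147483647L

/* Constructed stand-in for a platform whose RAND_MAX is the minimum
 * allowed by the C standard, i.e. far below random()'s range. */
#define SMALL_RAND_MAX 32767L

/* Hypothetical length bounds for illustration (assumption, not salt.c). */
#define MIN_LEN 8
#define MAX_LEN 16

/* Map r onto [MIN_LEN, MAX_LEN] using the "r / divisor" pattern.
 * Only correct when divisor is the true maximum of r. */
static long scaled_len(long r, long divisor)
{
    double frac = (double)r / (double)divisor;
    return MIN_LEN + (long)((MAX_LEN - MIN_LEN) * frac);
}

/* Returns 1 if len is inside the intended range, 0 otherwise. */
static int in_range(long len)
{
    return len >= MIN_LEN && len <= MAX_LEN;
}

int main(void)
{
    long worst = RANDOM_MAX; /* constructed worst-case random() result */
    long a = scaled_len(worst, SMALL_RAND_MAX); /* divisor too small */
    long b = scaled_len(worst, RANDOM_MAX);     /* divisor matches random() */
    long c = scaled_len(worst, LONG_MAX);       /* depends on width of long */

    printf("divisor 32767:     len=%ld in_range=%d\n", a, in_range(a));
    printf("divisor 2^31-1:    len=%ld in_range=%d\n", b, in_range(b));
    printf("divisor LONG_MAX:  len=%ld in_range=%d\n", c, in_range(c));
    return 0;
}
```

Where long is 64 bits wide, LONG_MAX is 2^63-1, so the third case stays in range but the fraction is always close to zero and the result is pinned at the minimum length.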