output formatting does not work decently for long user-selected passwords (>=13 chars)

Bug #894739 reported by Steven Van Acker
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
makepasswd (Ubuntu)
Fix Released
Medium
Colin Watson

Bug Description

Hi,

when I generate a password hash for a user-selected password (with --clearfrom) that is longer than 12 characters,
the original password and hashed version are concatenated.
This output messes up my other scripts, since they expect 2 fields to be present when parsing.

Example:

root@melissa:~# echo AAAAAAAAAAAAA | makepasswd --crypt --clearfrom /dev/stdin
AAAAAAAAAAAAAhtgSp/lr98hzo

root@melissa:~# echo AAAAAAAAAAAAA | makepasswd --crypt --clearfrom /dev/stdin --verbose

makepasswd v1.10 (c) 1997-1999 by Rob Levin <email address hidden>,
last modified Monday, 7 April 1999 at 22:56 (UCT)
All rights reserved by the author, licensed under GPL version 2.

Password=AAAAAAAAAAAAAEncrypted String=YJS/ZC1rz5hic

The problem can be fixed in the Clear() subrouting in /usr/bin/makepasswd, by adding the following line (patch included):

    $CharFormat = length($Clear) + 3;

From what I can tell, this bug is present in natty, oneiric and precise

root@melissa:~# lsb_release -rd
Description: Ubuntu 11.04
Release: 11.04

root@melissa:~# apt-cache policy makepasswd
makepasswd:
  Installed: 1.10-5
  Candidate: 1.10-5
  Version table:
 *** 1.10-5 0
        500 http://nl.archive.ubuntu.com/ubuntu/ natty/universe amd64 Packages
        100 /var/lib/dpkg/status

kind regards,
-- Steven

Tags: patch
Revision history for this message
Steven Van Acker (steven-vanacker) wrote :
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "makepasswd.patch" of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu-sponsors please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

tags: added: patch
Colin Watson (cjwatson)
Changed in makepasswd (Ubuntu):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Colin Watson (cjwatson)
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package makepasswd - 1.10-9

---------------
makepasswd (1.10-9) unstable; urgency=low

  * Fix output formatting when --clearfrom password is >= 12 characters
    (thanks, Steven Van Acker; LP: #894739).
  * Remove redundant debian/dirs file.
  * Canonicalise Vcs-Bzr and Vcs-Browser URLs.
  * Override debian-watch-file-is-missing Lintian message.
  * Explicitly set source format to 1.0 for now.
  * Policy version 3.9.4: no changes required.

 -- Colin Watson <email address hidden> Mon, 27 May 2013 23:43:43 +0100

Changed in makepasswd (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers