If the user-provided password exceeds the maximum password length, don't
bother passing it to crypt(). It won't succeed and may allow an attacker
to confirm that the user exists.
Reported by: jkim@
MFC after: 1 week
Security: CVE-2016-6210
Description
Description
Details
Details
- Provenance
des Authored on - Parents
- rS325009: Make gmountver(8) use direct dispatch.
- Branches
- Unknown
- Tags