Summary: | please don't use hpux getpass() | ||
---|---|---|---|
Product: | APR | Reporter: | deckrider |
Component: | APR | Assignee: | Apache Portable Runtime bugs mailinglist <bugs> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | P2 | ||
Version: | 1.2.7 | ||
Target Milestone: | --- | ||
Hardware: | HP | ||
OS: | HP-UX | ||
Attachments: | don't use system getpass() if PASS_MAX is too small |
Description
deckrider
2006-08-15 17:47:18 UTC
Created attachment 18719 [details]
don't use system getpass() if PASS_MAX is too small
It was fixed only really for Solaris which will use getpassphrase() instead; I
guess HP-UX doesn't have that. Does this patch work?
The following returns nothing, so I'm mistified where PASS_MAX is set: cd httpd-2.2.3 find . -type f | xargs grep PASS_MAX Is PASS_MAX supposed to be defined by some system header? Or does it just not exist on hpux? Thanks for the clue Garrett ... it is here on HP-UX B.11.23 ia64: /usr/include/limits.h:# define PASS_MAX 8 I guess my only other concern is what is the 'correct' max length that ought to be supported? We came upon this issue because we authenticate against an ldap server for subversion. I'm guessing that a password to do this kind of bind/authentication could easily be up to 128 characters (perhaps more), and if the password prompt doesn't permit this, authentication fails. A quick look at Solaris 10 shows a MAX_PASS of 256 [I suppose this is for getpassphrase(), which is not available on HP-UX B.11.23 ia64]. I believe the default for our internal implementation is 256, for what it's worth. Committed to trunk: http://svn.apache.org/viewvc?view=rev&rev=454774 |