Ubuntu
makepasswd package

output formatting does not work decently for long user-selected passwords (>=13 chars)

Bug #894739 reported by Steven Van Acker
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
makepasswd (Ubuntu)
Fix Released
Medium
Colin Watson

Bug Description

Hi,

when I generate a password hash for a user-selected password (with --clearfrom) that is longer than 12 characters,
the original password and hashed version are concatenated.
This output messes up my other scripts, since they expect 2 fields to be present when parsing.

Example:

root@melissa:~# echo AAAAAAAAAAAAA | makepasswd --crypt --clearfrom /dev/stdin
AAAAAAAAAAAAAhtgSp/lr98hzo

root@melissa:~# echo AAAAAAAAAAAAA | makepasswd --crypt --clearfrom /dev/stdin --verbose

makepasswd v1.10 (c) 1997-1999 by Rob Levin <email address hidden>,
last modified Monday, 7 April 1999 at 22:56 (UCT)
All rights reserved by the author, licensed under GPL version 2.

Password=AAAAAAAAAAAAAEncrypted String=YJS/ZC1rz5hic

The problem can be fixed in the Clear() subrouting in /usr/bin/makepasswd, by adding the following line (patch included):

    $CharFormat = length($Clear) + 3;

From what I can tell, this bug is present in natty, oneiric and precise

root@melissa:~# lsb_release -rd
Description: Ubuntu 11.04
Release: 11.04

root@melissa:~# apt-cache policy makepasswd
makepasswd:
  Installed: 1.10-5
  Candidate: 1.10-5
  Version table:
 *** 1.10-5 0
        500 http://nl.archive.ubuntu.com/ubuntu/ natty/universe amd64 Packages
        100 /var/lib/dpkg/status

kind regards,
-- Steven

Tags: patch
Revision history for this message
Steven Van Acker (steven-vanacker) wrote :
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "makepasswd.patch" of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu-sponsors please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

tags: added: patch
Colin Watson (cjwatson)
Changed in makepasswd (Ubuntu):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Colin Watson (cjwatson)
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package makepasswd - 1.10-9

---------------
makepasswd (1.10-9) unstable; urgency=low

  * Fix output formatting when --clearfrom password is >= 12 characters
    (thanks, Steven Van Acker; LP: #894739).
  * Remove redundant debian/dirs file.
  * Canonicalise Vcs-Bzr and Vcs-Browser URLs.
  * Override debian-watch-file-is-missing Lintian message.
  * Explicitly set source format to 1.0 for now.
  * Policy version 3.9.4: no changes required.

 -- Colin Watson <email address hidden> Mon, 27 May 2013 23:43:43 +0100

Changed in makepasswd (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.