Bugzilla – Bug 5658
passwords are limited 2047 characters
Last modified: 2018-07-11 10:54:24
You need to
before you can comment on or make changes to this bug.
Bug 5654 fixes a bug with dynamic allocation of password strings. However, if
passed password is >=511 characters the pamtester will hang. This hints about
some buffer constraint of 512 bytes which probably should be dynamic sized.
Probably as part of bug 5086. The limit is now 1024 bytes. If that limit is
reached the tl-pamapp doesn't hang and the response is truncated.
(In reply to comment #1)
> Probably as part of bug 5086. The limit is now 1024 bytes. If that limit is
> reached the tl-pamapp doesn't hang and the response is truncated.
Probably fixed as part of*
It seems we don't flush the rest of the line though, meaning we will leak the
rest of it to whatever PAM prompt comes next. So it looks like we still have
(and the buffer actually ended up being 2048 bytes, not 1024)