Fixing a Buffer Overflow in UNIX v4 Like It's 1973
41 points by rw-rw-rw-
Great article! Also, the linked mastodon thread about the only copy of UNIX v4 restoration is absolutely great. Glad to see such important media being archived like that.
But since the code after the badpw label doesn't have a return statement, you can just enter any password, so the buffer overflow isn't buying you anything. (I haven't actually tested this, so maybe C worked differently in the ancient times, but it sure looks bad).
No, the badpw label is used when there’s a bad password file. The error label is used when the user types in an incorrect password.
Ah, so the labels are just badly named. My mistake. (Also, the error messages could use some work!)
Heh, “sorry” is still the error message for an incorrect password https://cgit.freebsd.org/src/tree/usr.bin/su/su.c#n298
Although the sensibility of the naming is dubious, it’s consistent with getpw returning a password file entry, and passwd fields being prefixed pw_.
badpw does not mean the password is wrong, it means the password database is broken. error is the jump label for a wrong password.
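To make the two points in this thread concrete (the fixed-size password buffer that has to be bounded, and the two goto labels whose names suggest the opposite of what they do), here is an added illustrative sketch. It is not the UNIX v4 su code, nor the FreeBSD code linked above; the names `su_check`, `read_pw`, `lookup_pw`, the `SU_*` result codes, the 128-byte buffer size and the plaintext "hunter2" entry are all constructed for the example. The bounded `read_pw` is the fix: an over-long input is rejected before it can overrun `pwbuf`, and every label ends in its own `return`, so neither `badpw` nor `error` can fall through into the success path.

```c
#include <stdio.h>
#include <string.h>

#define PWBUF 128   /* fixed-size buffer, standing in for the old su buffer (assumed size) */

enum su_result { SU_OK = 0, SU_WRONG_PASSWORD = 1, SU_BAD_PWFILE = 2, SU_TOO_LONG = 3 };

/* Constructed stand-in for the password database lookup.
   Returns the stored secret for a known user, or NULL to simulate a
   missing/corrupt password file entry (the "badpw" case). Real systems
   store hashes, not plaintext; this is illustration only. */
static const char *lookup_pw(const char *user) {
    if (strcmp(user, "root") == 0) return "hunter2";   /* constructed entry */
    return NULL;
}

/* Copy the typed password into a fixed buffer without overflowing it.
   Returns 0 on success, -1 if the input would not fit (rejected rather
   than truncated, so an attacker cannot probe the truncation boundary). */
static int read_pw(char *dst, size_t dstsz, const char *typed) {
    size_t n = strlen(typed);
    if (n >= dstsz) return -1;          /* no room for the terminating NUL */
    memcpy(dst, typed, n + 1);
    return 0;
}

/* Check `typed` against the stored entry for `user`.
   badpw  -> the password database is unusable (matches the thread's reading)
   error  -> the user typed the wrong password */
enum su_result su_check(const char *user, const char *typed) {
    char pwbuf[PWBUF];
    const char *stored = lookup_pw(user);

    if (stored == NULL) goto badpw;
    if (read_pw(pwbuf, sizeof pwbuf, typed) != 0) return SU_TOO_LONG;
    if (strcmp(pwbuf, stored) != 0) goto error;
    return SU_OK;

badpw:
    fprintf(stderr, "cannot read password file\n");
    return SU_BAD_PWFILE;               /* explicit return: no fall-through */
error:
    fprintf(stderr, "sorry\n");         /* the message the FreeBSD link above still uses */
    return SU_WRONG_PASSWORD;           /* explicit return: no fall-through */
}

/* Helper for the over-long case: builds a 200-byte input (constructed)
   and returns 1 if su_check rejects it without touching pwbuf. */
int overlong_is_rejected(void) {
    char big[200];
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    return su_check("root", big) == SU_TOO_LONG;
}
```

With the explicit returns in place, the label names can stay as they are (or be renamed) without the missing-return hazard discussed above: the control flow no longer depends on which label comes last in the function.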