diff --git a/lib/agetpass.c b/lib/agetpass.c index 11809ab7..5d9f9286 100644 --- a/lib/agetpass.c +++ b/lib/agetpass.c @@ -11,7 +11,6 @@ #include #include -#include #include #include @@ -24,11 +23,6 @@ #endif /* WITH_LIBBSD */ -#if !defined(PASS_MAX) -#define PASS_MAX BUFSIZ - 1 -#endif - - /* * SYNOPSIS * [[gnu::malloc(erase_pass)]] diff --git a/lib/defines.h b/lib/defines.h index 93543e85..8c55dddb 100644 --- a/lib/defines.h +++ b/lib/defines.h @@ -25,6 +25,7 @@ ((N) == 1 ? (const char *) (Msgid1) : (const char *) (Msgid2)) #endif +#include #include #include @@ -202,4 +203,14 @@ # define shadow_getenv(name) getenv(name) #endif +/* + * Maximum password length + * + * Consider that there is also limit in PAM (PAM_MAX_RESP_SIZE) + * currently set to 512. + */ +#if !defined(PASS_MAX) +#define PASS_MAX BUFSIZ - 1 +#endif + #endif /* _DEFINES_H_ */ diff --git a/src/passwd.c b/src/passwd.c index 939ad79d..3e0a6eb8 100644 --- a/src/passwd.c +++ b/src/passwd.c @@ -175,8 +175,8 @@ static int new_password (const struct passwd *pw) char *cipher; /* Pointer to cipher text */ const char *salt; /* Pointer to new salt */ char *cp; /* Pointer to agetpass() response */ - char orig[200]; /* Original password */ - char pass[200]; /* New password */ + char orig[PASS_MAX + 1]; /* Original password */ + char pass[PASS_MAX + 1]; /* New password */ int i; /* Counter for retries */ bool warned; int pass_max_len = -1;