shadow/libmisc/salt.c

/*
 * salt.c - generate a random salt string for crypt()
 *
 * Written by Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>,
 * public domain.
 *
 * l64a was Written by J.T. Conklin <jtc@netbsd.org>. Public domain.
 */

#include <config.h>

#ident "$Id$"

#include <sys/time.h>
#include <stdlib.h>
#include "prototypes.h"
#include "defines.h"
#include "getdef.h"

#ifndef HAVE_L64A
char *l64a(long value)
{
	static char buf[8];
	char *s = buf;
	int digit;
	int i;

	if (value < 0) {
		errno = EINVAL;
		return(NULL);
	}

	for (i = 0; value != 0 && i < 6; i++) {
		digit = value & 0x3f;

		if (digit < 2) 
			*s = digit + '.';
		else if (digit < 12)
			*s = digit + '0' - 2;
		else if (digit < 38)
			*s = digit + 'A' - 12;
		else
			*s = digit + 'a' - 38;

		value >>= 6;
		s++;
	}

	*s = '\0';

	return(buf);
}
#endif /* !HAVE_L64A */

#ifdef ENCRYPTMETHOD_SELECT
/*
 * Add the salt prefix.
 */
#define MAGNUM(array,ch)	(array)[0]= (array)[2] = '$',\
				(array)[1]=(ch),\
				(array)[2]='\0'

/*
 * Return the salt size.
 * The size of the salt string is between 8 and 16 bytes for the SHA crypt
 * methods.
 */
static unsigned int SHA_salt_size (void)
{
	srand (time (NULL));
	return 8 + (double)rand () * 9 / RAND_MAX;
}

/* ! Arguments evaluated twice ! */
#define MAX(x,y) ((x) > (y) ? (x) : (y))
#define MIN(x,y) ((x) < (y) ? (x) : (y))

/* Default number of rounds if not explicitly specified.  */
#define ROUNDS_DEFAULT 5000
/* Minimum number of rounds.  */
#define ROUNDS_MIN 1000
/* Maximum number of rounds.  */
#define ROUNDS_MAX 999999999

/*
 * Return a salt prefix specifying the rounds number for the SHA crypt methods.
 */
static char *SHA_salt_rounds (void)
{
	static char *rounds_prefix[18];
	long min_rounds = getdef_long ("SHA_CRYPT_MIN_ROUNDS", -1);
	long max_rounds = getdef_long ("SHA_CRYPT_MAX_ROUNDS", -1);
	long rounds;

	if (-1 == min_rounds && -1 == max_rounds)
		return "";

	if (-1 == min_rounds)
		min_rounds = max_rounds;

	if (-1 == max_rounds)
		max_rounds = min_rounds;

	if (min_rounds > max_rounds)
		max_rounds = min_rounds;

	srand (time (NULL));
	rounds = min_rounds +
	         (double)rand () * (max_rounds-min_rounds+1)/RAND_MAX;

	/* Sanity checks. The libc should also check this, but this
	 * protects against a rounds_prefix overflow. */
	if (rounds < ROUNDS_MIN)
		rounds = ROUNDS_MIN;

	if (rounds > ROUNDS_MAX)
		rounds = ROUNDS_MAX;

	snprintf (rounds_prefix, 18, "rounds=%ld$", rounds);

	/* Sanity checks. That should not be necessary. */
	rounds_prefix[17] = '\0';
	if ('$' != rounds_prefix[16])
		rounds_prefix[17] = '$';

	return rounds_prefix;
}
#endif

/*
 * Generate 8 base64 ASCII characters of random salt.  If MD5_CRYPT_ENAB
 * in /etc/login.defs is "yes", the salt string will be prefixed by "$1$"
 * (magic) and pw_encrypt() will execute the MD5-based FreeBSD-compatible
 * version of crypt() instead of the standard one.
 * Other methods can be set with ENCRYPT_METHOD
 */
char *crypt_make_salt (void)
{
	struct timeval tv;
	/* Max result size for the SHA methods:
	 *  +3		$5$
	 *  +17		rounds=999999999$
	 *  +16		salt
	 *  +1		\0
	 */
	static char result[40];
	int max_salt_len = 8;
	char *method;

	result[0] = '\0';

#ifndef USE_PAM
#ifdef ENCRYPTMETHOD_SELECT
	if ((method = getdef_str ("ENCRYPT_METHOD")) == NULL) {
#endif
		if (getdef_bool ("MD5_CRYPT_ENAB")) {
			MAGNUM(result,'1');
			max_salt_len = 11;
		}
#ifdef ENCRYPTMETHOD_SELECT
	} else {
		if (!strncmp (method, "MD5", 3)) {
			MAGNUM(result, '1');
			max_salt_len = 11;
		} else if (!strncmp (method, "SHA256", 6)) {
			MAGNUM(result, '5');
			strcat(result, SHA_salt_rounds());
			max_salt_len = strlen(result) + SHA_salt_size();
		} else if (!strncmp (method, "SHA512", 6)) {
			MAGNUM(result, '6');
			strcat(result, SHA_salt_rounds());
			max_salt_len = strlen(result) + SHA_salt_size();
		} else if (0 != strncmp (method, "DES", 3)) {
			fprintf (stderr,
				 _("Invalid ENCRYPT_METHOD value: '%s'.\n"
				   "Defaulting to DES.\n"),
				 method);
			result[0] = '\0';
		}
	}
#endif				/* ENCRYPTMETHOD_SELECT */
#endif				/* USE_PAM */

	/*
	 * Concatenate a pseudo random salt.
	 */
	gettimeofday (&tv, (struct timezone *) 0);
	strncat (result, l64a (tv.tv_usec), sizeof(result));
	strncat (result, l64a (tv.tv_sec + getpid () + clock ()),
	         sizeof(result));

	if (strlen (result) > max_salt_len)	/* magic+salt */
		result[max_salt_len] = '\0';

	return result;
}
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30			`/*`
			`* salt.c - generate a random salt string for crypt()`
			`*`
			`* Written by Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>,`
			`* public domain.`
Add support for uClibc with no l64a(). 2007-11-16 18:06:21 +05:30			`*`
			`* l64a was Written by J.T. Conklin <jtc@netbsd.org>. Public domain.`
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30			`*/`

			`#include <config.h>`

Added the subversion svn:keywords property (Id) for proper identification. 2007-11-11 05:16:11 +05:30			`#ident "$Id$"`
[svn-upgrade] Integrating new upstream version, shadow (4.0.13) 2007-10-07 17:17:01 +05:30
[svn-upgrade] Integrating new upstream version, shadow (4.0.8) 2007-10-07 17:16:07 +05:30			`#include <sys/time.h>`
			`#include <stdlib.h>`
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30			`#include "prototypes.h"`
			`#include "defines.h"`
			`#include "getdef.h"`
Add support for uClibc with no l64a(). 2007-11-16 18:06:21 +05:30
			`#ifndef HAVE_L64A`
			`char *l64a(long value)`
			`{`
			`static char buf[8];`
			`char *s = buf;`
			`int digit;`
			`int i;`

			`if (value < 0) {`
			`errno = EINVAL;`
			`return(NULL);`
			`}`

			`for (i = 0; value != 0 && i < 6; i++) {`
			`digit = value & 0x3f;`

			`if (digit < 2)`
			`*s = digit + '.';`
			`else if (digit < 12)`
			`*s = digit + '0' - 2;`
			`else if (digit < 38)`
			`*s = digit + 'A' - 12;`
			`else`
			`*s = digit + 'a' - 38;`

			`value >>= 6;`
			`s++;`
			`}`

			`*s = '\0';`

			`return(buf);`
			`}`
			`#endif /* !HAVE_L64A */`

Hopefully, I review my commits in the morning... 2007-11-20 14:50:34 +05:30			`#ifdef ENCRYPTMETHOD_SELECT`
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30			`/*`
* libmisc/salt.c: The salt has a random size (between 8 and 16 bytes). * lib/getdef.c, etc/login.defs: Add definitions for SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS. * libmisc/salt.c: Use SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS to add a random number of rounds if needed. 2007-11-20 05:35:54 +05:30			`* Add the salt prefix.`
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30			`*/`
* libmisc/salt.c (MAGNUM): Terminate the array with nul (the array is then used with strcat). * libmisc/salt.c (crypt_make_salt): Initialize result[0] to nul at the beginning (was not initialized when USE_PAM). * libmisc/salt.c (crypt_make_salt): Check that ENCRYPT_METHOD is a valid crypt method. 2007-11-20 04:04:48 +05:30			`#define MAGNUM(array,ch) (array)[0]= (array)[2] = '$',\`
			`(array)[1]=(ch),\`
			`(array)[2]='\0'`
Add support for SHA256 and SHA512 encrypt methods. Apply RedHat's patch shadow-4.0.18.1-sha256.patch. Thanks to Peter Vrabec. Hardly no changes except re-indent and changes related to recent modifications (max_salt_len in crypt_make_salt). Changes in lib/defines.h not applied (definition of ENCRYPTMETHOD_SELECT). I will add a configure check or flag. 2007-11-20 03:44:19 +05:30
* libmisc/salt.c: The salt has a random size (between 8 and 16 bytes). * lib/getdef.c, etc/login.defs: Add definitions for SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS. * libmisc/salt.c: Use SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS to add a random number of rounds if needed. 2007-11-20 05:35:54 +05:30			`/*`
			`* Return the salt size.`
			`* The size of the salt string is between 8 and 16 bytes for the SHA crypt`
			`* methods.`
			`*/`
			`static unsigned int SHA_salt_size (void)`
			`{`
Hopefully, I review my commits in the morning... 2007-11-20 14:50:34 +05:30			`srand (time (NULL));`
			`return 8 + (double)rand () * 9 / RAND_MAX;`
* libmisc/salt.c: The salt has a random size (between 8 and 16 bytes). * lib/getdef.c, etc/login.defs: Add definitions for SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS. * libmisc/salt.c: Use SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS to add a random number of rounds if needed. 2007-11-20 05:35:54 +05:30			`}`

			`/* ! Arguments evaluated twice ! */`
			`#define MAX(x,y) ((x) > (y) ? (x) : (y))`
			`#define MIN(x,y) ((x) < (y) ? (x) : (y))`

			`/* Default number of rounds if not explicitly specified. */`
			`#define ROUNDS_DEFAULT 5000`
			`/* Minimum number of rounds. */`
			`#define ROUNDS_MIN 1000`
			`/* Maximum number of rounds. */`
			`#define ROUNDS_MAX 999999999`

			`/*`
			`* Return a salt prefix specifying the rounds number for the SHA crypt methods.`
			`*/`
			`static char *SHA_salt_rounds (void)`
			`{`
			`static char *rounds_prefix[18];`
			`long min_rounds = getdef_long ("SHA_CRYPT_MIN_ROUNDS", -1);`
			`long max_rounds = getdef_long ("SHA_CRYPT_MAX_ROUNDS", -1);`
			`long rounds;`

			`if (-1 == min_rounds && -1 == max_rounds)`
			`return "";`

			`if (-1 == min_rounds)`
			`min_rounds = max_rounds;`

			`if (-1 == max_rounds)`
			`max_rounds = min_rounds;`

			`if (min_rounds > max_rounds)`
			`max_rounds = min_rounds;`

Hopefully, I review my commits in the morning... 2007-11-20 14:50:34 +05:30			`srand (time (NULL));`
			`rounds = min_rounds +`
			`(double)rand () * (max_rounds-min_rounds+1)/RAND_MAX;`
* libmisc/salt.c: The salt has a random size (between 8 and 16 bytes). * lib/getdef.c, etc/login.defs: Add definitions for SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS. * libmisc/salt.c: Use SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS to add a random number of rounds if needed. 2007-11-20 05:35:54 +05:30
			`/* Sanity checks. The libc should also check this, but this`
			`* protects against a rounds_prefix overflow. */`
			`if (rounds < ROUNDS_MIN)`
			`rounds = ROUNDS_MIN;`

			`if (rounds > ROUNDS_MAX)`
			`rounds = ROUNDS_MAX;`

			`snprintf (rounds_prefix, 18, "rounds=%ld$", rounds);`

			`/* Sanity checks. That should not be necessary. */`
			`rounds_prefix[17] = '\0';`
			`if ('$' != rounds_prefix[16])`
			`rounds_prefix[17] = '$';`

			`return rounds_prefix;`
			`}`
Hopefully, I review my commits in the morning... 2007-11-20 14:50:34 +05:30			`#endif`
* libmisc/salt.c: The salt has a random size (between 8 and 16 bytes). * lib/getdef.c, etc/login.defs: Add definitions for SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS. * libmisc/salt.c: Use SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS to add a random number of rounds if needed. 2007-11-20 05:35:54 +05:30
			`/*`
			`* Generate 8 base64 ASCII characters of random salt. If MD5_CRYPT_ENAB`
			`* in /etc/login.defs is "yes", the salt string will be prefixed by "$1$"`
			`* (magic) and pw_encrypt() will execute the MD5-based FreeBSD-compatible`
			`* version of crypt() instead of the standard one.`
			`* Other methods can be set with ENCRYPT_METHOD`
			`*/`
[svn-upgrade] Integrating new upstream version, shadow (4.0.4) 2007-10-07 17:15:23 +05:30			`char *crypt_make_salt (void)`
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30			`{`
			`struct timeval tv;`
* libmisc/salt.c: The salt has a random size (between 8 and 16 bytes). * lib/getdef.c, etc/login.defs: Add definitions for SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS. * libmisc/salt.c: Use SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS to add a random number of rounds if needed. 2007-11-20 05:35:54 +05:30			`/* Max result size for the SHA methods:`
			`* +3 $5$`
			`* +17 rounds=999999999$`
			`* +16 salt`
			`* +1 \0`
			`*/`
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30			`static char result[40];`
* libmisc/salt.c: Make sure the salt string is terminated at the right place (either 8th, or 11th position). * NEWS, src/chgpasswd.c, src/chpasswd.c: The protocol + salt does not need 15 chars. No need for a temporary buffer. This change the fix committed on 2007-11-10. The salt provided to pw_encrypt could have been too long. 2007-11-17 00:32:00 +05:30			`int max_salt_len = 8;`
Add support for SHA256 and SHA512 encrypt methods. Apply RedHat's patch shadow-4.0.18.1-sha256.patch. Thanks to Peter Vrabec. Hardly no changes except re-indent and changes related to recent modifications (max_salt_len in crypt_make_salt). Changes in lib/defines.h not applied (definition of ENCRYPTMETHOD_SELECT). I will add a configure check or flag. 2007-11-20 03:44:19 +05:30			`char *method;`
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30
* libmisc/salt.c (MAGNUM): Terminate the array with nul (the array is then used with strcat). * libmisc/salt.c (crypt_make_salt): Initialize result[0] to nul at the beginning (was not initialized when USE_PAM). * libmisc/salt.c (crypt_make_salt): Check that ENCRYPT_METHOD is a valid crypt method. 2007-11-20 04:04:48 +05:30			`result[0] = '\0';`

[svn-upgrade] Integrating new upstream version, shadow (4.0.13) 2007-10-07 17:17:01 +05:30			`#ifndef USE_PAM`
Add support for SHA256 and SHA512 encrypt methods. Apply RedHat's patch shadow-4.0.18.1-sha256.patch. Thanks to Peter Vrabec. Hardly no changes except re-indent and changes related to recent modifications (max_salt_len in crypt_make_salt). Changes in lib/defines.h not applied (definition of ENCRYPTMETHOD_SELECT). I will add a configure check or flag. 2007-11-20 03:44:19 +05:30			`#ifdef ENCRYPTMETHOD_SELECT`
			`if ((method = getdef_str ("ENCRYPT_METHOD")) == NULL) {`
[svn-upgrade] Integrating new upstream version, shadow (4.0.13) 2007-10-07 17:17:01 +05:30			`#endif`
Add support for SHA256 and SHA512 encrypt methods. Apply RedHat's patch shadow-4.0.18.1-sha256.patch. Thanks to Peter Vrabec. Hardly no changes except re-indent and changes related to recent modifications (max_salt_len in crypt_make_salt). Changes in lib/defines.h not applied (definition of ENCRYPTMETHOD_SELECT). I will add a configure check or flag. 2007-11-20 03:44:19 +05:30			`if (getdef_bool ("MD5_CRYPT_ENAB")) {`
			`MAGNUM(result,'1');`
			`max_salt_len = 11;`
* libmisc/salt.c (MAGNUM): Terminate the array with nul (the array is then used with strcat). * libmisc/salt.c (crypt_make_salt): Initialize result[0] to nul at the beginning (was not initialized when USE_PAM). * libmisc/salt.c (crypt_make_salt): Check that ENCRYPT_METHOD is a valid crypt method. 2007-11-20 04:04:48 +05:30			`}`
Add support for SHA256 and SHA512 encrypt methods. Apply RedHat's patch shadow-4.0.18.1-sha256.patch. Thanks to Peter Vrabec. Hardly no changes except re-indent and changes related to recent modifications (max_salt_len in crypt_make_salt). Changes in lib/defines.h not applied (definition of ENCRYPTMETHOD_SELECT). I will add a configure check or flag. 2007-11-20 03:44:19 +05:30			`#ifdef ENCRYPTMETHOD_SELECT`
			`} else {`
			`if (!strncmp (method, "MD5", 3)) {`
			`MAGNUM(result, '1');`
			`max_salt_len = 11;`
			`} else if (!strncmp (method, "SHA256", 6)) {`
			`MAGNUM(result, '5');`
* libmisc/salt.c: The salt has a random size (between 8 and 16 bytes). * lib/getdef.c, etc/login.defs: Add definitions for SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS. * libmisc/salt.c: Use SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS to add a random number of rounds if needed. 2007-11-20 05:35:54 +05:30			`strcat(result, SHA_salt_rounds());`
			`max_salt_len = strlen(result) + SHA_salt_size();`
Add support for SHA256 and SHA512 encrypt methods. Apply RedHat's patch shadow-4.0.18.1-sha256.patch. Thanks to Peter Vrabec. Hardly no changes except re-indent and changes related to recent modifications (max_salt_len in crypt_make_salt). Changes in lib/defines.h not applied (definition of ENCRYPTMETHOD_SELECT). I will add a configure check or flag. 2007-11-20 03:44:19 +05:30			`} else if (!strncmp (method, "SHA512", 6)) {`
			`MAGNUM(result, '6');`
* libmisc/salt.c: The salt has a random size (between 8 and 16 bytes). * lib/getdef.c, etc/login.defs: Add definitions for SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS. * libmisc/salt.c: Use SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS to add a random number of rounds if needed. 2007-11-20 05:35:54 +05:30			`strcat(result, SHA_salt_rounds());`
			`max_salt_len = strlen(result) + SHA_salt_size();`
* libmisc/salt.c (MAGNUM): Terminate the array with nul (the array is then used with strcat). * libmisc/salt.c (crypt_make_salt): Initialize result[0] to nul at the beginning (was not initialized when USE_PAM). * libmisc/salt.c (crypt_make_salt): Check that ENCRYPT_METHOD is a valid crypt method. 2007-11-20 04:04:48 +05:30			`} else if (0 != strncmp (method, "DES", 3)) {`
			`fprintf (stderr,`
			`_("Invalid ENCRYPT_METHOD value: '%s'.\n"`
			`"Defaulting to DES.\n"),`
			`method);`
Add support for SHA256 and SHA512 encrypt methods. Apply RedHat's patch shadow-4.0.18.1-sha256.patch. Thanks to Peter Vrabec. Hardly no changes except re-indent and changes related to recent modifications (max_salt_len in crypt_make_salt). Changes in lib/defines.h not applied (definition of ENCRYPTMETHOD_SELECT). I will add a configure check or flag. 2007-11-20 03:44:19 +05:30			`result[0] = '\0';`
* libmisc/salt.c (MAGNUM): Terminate the array with nul (the array is then used with strcat). * libmisc/salt.c (crypt_make_salt): Initialize result[0] to nul at the beginning (was not initialized when USE_PAM). * libmisc/salt.c (crypt_make_salt): Check that ENCRYPT_METHOD is a valid crypt method. 2007-11-20 04:04:48 +05:30			`}`
Add support for SHA256 and SHA512 encrypt methods. Apply RedHat's patch shadow-4.0.18.1-sha256.patch. Thanks to Peter Vrabec. Hardly no changes except re-indent and changes related to recent modifications (max_salt_len in crypt_make_salt). Changes in lib/defines.h not applied (definition of ENCRYPTMETHOD_SELECT). I will add a configure check or flag. 2007-11-20 03:44:19 +05:30			`}`
			`#endif /* ENCRYPTMETHOD_SELECT */`
			`#endif /* USE_PAM */`
* libmisc/salt.c: The salt has a random size (between 8 and 16 bytes). * lib/getdef.c, etc/login.defs: Add definitions for SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS. * libmisc/salt.c: Use SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS to add a random number of rounds if needed. 2007-11-20 05:35:54 +05:30
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30			`/*`
* libmisc/salt.c: The salt has a random size (between 8 and 16 bytes). * lib/getdef.c, etc/login.defs: Add definitions for SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS. * libmisc/salt.c: Use SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS to add a random number of rounds if needed. 2007-11-20 05:35:54 +05:30			`* Concatenate a pseudo random salt.`
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30			`*/`
[svn-upgrade] Integrating new upstream version, shadow (4.0.4) 2007-10-07 17:15:23 +05:30			`gettimeofday (&tv, (struct timezone *) 0);`
Hopefully, I review my commits in the morning... 2007-11-20 14:50:34 +05:30			`strncat (result, l64a (tv.tv_usec), sizeof(result));`
			`strncat (result, l64a (tv.tv_sec + getpid () + clock ()),`
			`sizeof(result));`
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30
* libmisc/salt.c: Make sure the salt string is terminated at the right place (either 8th, or 11th position). * NEWS, src/chgpasswd.c, src/chpasswd.c: The protocol + salt does not need 15 chars. No need for a temporary buffer. This change the fix committed on 2007-11-10. The salt provided to pw_encrypt could have been too long. 2007-11-17 00:32:00 +05:30			`if (strlen (result) > max_salt_len) /* magic+salt */`
			`result[max_salt_len] = '\0';`
[svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 17:14:02 +05:30
			`return result;`
			`}`