Bug 5658 - passwords are limited 2047 characters
Summary: passwords are limited 2047 characters
Status: NEW
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Web Access (show other bugs)
Version: 4.3.0
Hardware: PC Unknown
: P2 Normal
Target Milestone: LowPrio
Assignee: Samuel Mannehed
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-09-28 09:59 CEST by Henrik Andersson
Modified: 2021-09-28 10:18 CEST (History)
1 user (show)

See Also:
Acceptance Criteria:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Henrik Andersson cendio 2015-09-28 09:59:33 CEST 
Bug 5654 fixes a bug with dynamic allocation of password strings. However, if passed password is >=511 characters the pamtester will hang. This hints about some buffer constraint of 512 bytes which probably should be dynamic sized.
Comment 1 Samuel Mannehed cendio 2018-07-05 16:53:33 CEST 
Probably as part of bug 5086. The limit is now 1024 bytes. If that limit is reached the tl-pamapp doesn't hang and the response is truncated.
Comment 2 Samuel Mannehed cendio 2018-07-05 16:53:49 CEST 
(In reply to comment #1)
> Probably as part of bug 5086. The limit is now 1024 bytes. If that limit is
> reached the tl-pamapp doesn't hang and the response is truncated.

Probably fixed as part of*
Comment 3 Pierre Ossman cendio 2018-07-11 10:54:24 CEST 
It seems we don't flush the rest of the line though, meaning we will leak the rest of it to whatever PAM prompt comes next. So it looks like we still have issues here.

(and the buffer actually ended up being 2048 bytes, not 1024)
Note You need to log in before you can comment on or make changes to this bug.