afppasswd: Check for valid password length, GitHub #931

Netatalk · May 1, 2024 · e8c6ba0 · e8c6ba0
1 parent b434be6
commit e8c6ba0
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/bin/afppasswd/afppasswd.c b/bin/afppasswd/afppasswd.c
@@ -175,6 +175,11 @@ static int update_passwd(const char *path, const char *name, int flags)
 
   /* new password */
   passwd = getpass("Enter NEW AFP password: ");
+  if (strlen(passwd) > 8) {
+    fprintf(stderr, "afppasswd: max password length is 8.\n");
+    err = -1;
+    goto update_done;
+  }
   memcpy(password, passwd, sizeof(password));
   password[PASSWDLEN] = '\0';
 #ifdef USE_CRACKLIB