Author: dteske
Date: Mon Mar 23 16:31:27 2015
New Revision: 280383
URL: https://svnweb.freebsd.org/changeset/base/280383

Log:
  Prevent password/bootlock_password features of loader.conf(5) from
  locking out everyone in the case of setting a password longer than
  the maximum (currently 16 characters). Now the required password is
  truncated to the maximum input that can be read from the user.
  
  PR:           kern/198760
  MFC after:    3 days
  MFH:          stable/10 stable/9

Modified:
  head/sys/boot/forth/check-password.4th

Modified: head/sys/boot/forth/check-password.4th
==============================================================================
--- head/sys/boot/forth/check-password.4th      Mon Mar 23 16:22:56 2015        
(r280382)
+++ head/sys/boot/forth/check-password.4th      Mon Mar 23 16:31:27 2015        
(r280383)
@@ -28,15 +28,15 @@ marker task-check-password.4th
 
 include /boot/screen.4th
 
-13 constant enter_key   \ The decimal ASCII value for Enter key
-8  constant bs_key      \ The decimal ASCII value for Backspace key
-16 constant readmax     \ Maximum number of characters for the password
+13 constant enter_key        \ The decimal ASCII value for Enter key
+8  constant bs_key           \ The decimal ASCII value for Backspace key
+16 constant readmax          \ Maximum number of characters for the password
 
-variable readX          \ Current X offset (column)(used by read)
-variable read-start     \ Starting X offset (column)(used by read)
+variable readX               \ Current X offset (column)(used by read)
+variable read-start          \ Starting X offset (column)(used by read)
 
-create readval 16 allot \ input obtained (maximum 16 characters)
-variable readlen        \ input length
+create readval readmax allot \ input obtained (up to readmax characters)
+variable readlen             \ input length
 
 \ This function blocks program flow (loops forever) until a key is pressed.
 \ The key that was pressed is added to the top of the stack in the form of its
@@ -132,6 +132,7 @@ variable readlen        \ input length
        \ Do not allow the user to proceed beyond this point if a boot-lock
        \ password has been set (preventing even boot from proceeding)
        s" bootlock_password" getenv dup -1 <> if
+               dup readmax > if drop readmax then
                begin
                        s" Boot Password: " read ( prompt -- )
                        2dup readval readlen @ compare 0<>
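Review bot: The clamp `dup readmax > if drop readmax then` silently shortens the required password, so a `bootlock_password` longer than readmax (16) is now satisfied by its first 16 characters and the administrator gets no indication that the rest is ignored. The same applies to the `password` clamp in the last hunk. I would add a comment above the line, `\ read returns at most readmax chars; only that prefix of the stored value is compared`, and state the limit in loader.conf(5) or print a one-line notice when the clamp triggers. The enclosing word begins and ends outside this hunk.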
@@ -154,7 +155,7 @@ variable readlen        \ input length
        \ Only reached if autoboot fails for any reason (including if/when
        \ the user aborts/escapes the countdown sequence leading to boot).
 
-       s" password" getenv
+       s" password" getenv dup readmax > if drop readmax then
        begin
                s" Password: " read ( prompt -- )
                2dup readval readlen @ compare 0= if
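Review bot: On the `s" password" getenv` line the clamp runs without the `-1` (variable unset) test that the bootlock_password branch performs with `dup -1 <> if`. A signed `>` leaves -1 unchanged, so the length reaching `compare` is only valid if the unset case has already been handled earlier in the word, which is not visible in this hunk. A comment such as `\ password is known to be set here (unset case handled above)` would record that assumption, if it holds. Since the clamp now appears in two places, it could also be factored into one small word so both prompts stay in step.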