Let's make sure we're at the end of the password string before we apply a \0

and terminate it. This patch ensures passwords will be the correct length of 8,
which is what is implied in the source (but not reflected in the man page).

PR:		bin/7817
Reviewed by:	Alfred Perlstein <bright@hotjobs.com>
Submitted by:	Hiroshi Nishikawa <nis@pluto.dti.ne.jp>

diff --git a/pw/pw_user.c b/pw/pw_user.c
index d10c5283f5f8ab571f39aa2dcb4489dfb4b5e495..fd5f4f0906867a7adfda3ff7affd1f571fada009 100644 (file)
--- a/pw/pw_user.c
+++ b/pw/pw_user.c
@@ -26,7 +26,7 @@
 
 #ifndef lint
 static const char rcsid[] =
-       "$Id$";
+       "$Id: pw_user.c,v 1.23 1997/10/10 06:23:39 charnier Exp $";
 #endif /* not lint */
 
 #include <ctype.h>
@@ -925,7 +925,7 @@ pw_password(struct userconf * cnf, struct cargs * args, char const * user)
                l = (random() % 8 + 8); /* 8 - 16 chars */
                pw_getrand(rndbuf, l);
                for (i = 0; i < l; i++)
-                       pwbuf[i] = chars[rndbuf[i] % sizeof(chars)];
+                       pwbuf[i] = chars[rndbuf[i] % (sizeof(chars)-1)];
                pwbuf[i] = '\0';
 
                /*