From f9a75fe50e33dd59bc91eac72bc5530cb7e434fb Mon Sep 17 00:00:00 2001
From: Bill Fumerola <billf@FreeBSD.org>
Date: Sat, 2 Jan 1999 04:37:46 +0000
Subject: Let's make sure we're at the end of the password string before we
 apply a \0 and terminate it. This patch ensures passwords will be the correct
 length of 8, which is what is implied in the source (but not reflected in the
 man page).

PR:		bin/7817
Reviewed by:	Alfred Perlstein <bright@hotjobs.com>
Submitted by:	Hiroshi Nishikawa <nis@pluto.dti.ne.jp>
---
 pw/pw_user.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pw/pw_user.c b/pw/pw_user.c
index d10c528..fd5f4f0 100644
--- a/pw/pw_user.c
+++ b/pw/pw_user.c
@@ -26,7 +26,7 @@
 
 #ifndef lint
 static const char rcsid[] =
-	"$Id$";
+	"$Id: pw_user.c,v 1.23 1997/10/10 06:23:39 charnier Exp $";
 #endif /* not lint */
 
 #include <ctype.h>
@@ -925,7 +925,7 @@ pw_password(struct userconf * cnf, struct cargs * args, char const * user)
 		l = (random() % 8 + 8);	/* 8 - 16 chars */
 		pw_getrand(rndbuf, l);
 		for (i = 0; i < l; i++)
-			pwbuf[i] = chars[rndbuf[i] % sizeof(chars)];
+			pwbuf[i] = chars[rndbuf[i] % (sizeof(chars)-1)];
 		pwbuf[i] = '\0';
 
 		/*
-- 
cgit v1.2.3-56-ge451