MAX_USERNAME_LEN set too low

Walter Harms wharms at bfs.de
Mon Mar 18 03:47:23 AWST 2019



> Matt Johnston <matt at ucc.asn.au> hat am 1. März 2019 um 15:24 geschrieben:
> 
> 
> Hi Mike,
> 
> The limit's arbitrary so 32 would be fine. Maybe even something like 100.
> I'll increase it for the next release.
> 
> Cheers,
> Matt
> 
> > On Fri 1/3/2019, at 8:28 am, W. Michael Petullo <mike at flyn.org> wrote:
> > 
> > Dropbear's auth.h defines MAX_USERNAME_LEN as 25 and provides the
> > commentary "arbitrary for the moment."
> > 
> > The useradd utility from shadow-utils on Linux supports usernames with
> > up to 32 characters.
> > 
> > This means that some valid users cannot make use of SSH, namely users
> > for which len(username) is larger than 25 but less than 32.
> > 
> > 32 seems pretty common. Can we modify Dropbear to use 32 instead of 25?
> > 
> > -- 
> > Mike
> > 
> > :wq
> 

just my 2 cents:
 there is an UT_NAMESIZE

may be that can be used.

re,
 wh


More information about the Dropbear mailing list