Vladimir N. Oleynik writes:

This moment have algoritmicaly problem, not overflow: strcat(wrapped, wrapped) - may be looped. Hand patch: - else if (strstr(strcat(wrapped, wrapped), newmono)) + else { + safe_strncpy(wrapped + lenwrap, wrapped, lenwrap + 1); + if (strstr(wrapped, newmono)) +} --w vodz
author: Eric Andersen <andersen@codepoet.org> 2003-07-30 07:57:06 +0000
committer: Eric Andersen <andersen@codepoet.org> 2003-07-30 07:57:06 +0000
commit: 3124a9ecee24769f395d3dc4179a5f0e9268b5c0 (patch)
tree: dad288a73ce6097ccba604031e4b28907986cc32 /libbb/obscure.c
parent: b99aec0ba5b5b5f7f565c89bb0dab158d7342fee (diff)
download: busybox-w32-3124a9ecee24769f395d3dc4179a5f0e9268b5c0.tar.gz
busybox-w32-3124a9ecee24769f395d3dc4179a5f0e9268b5c0.tar.bz2
busybox-w32-3124a9ecee24769f395d3dc4179a5f0e9268b5c0.zip
1 files changed, 5 insertions, 2 deletions
diff --git a/libbb/obscure.c b/libbb/obscure.c
index 1a99b7cf9..537d4484f 100644
--- a/libbb/obscure.c
+++ b/libbb/obscure.c
@@ -157,8 +157,11 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp)
        else if (similiar(wrapped, newmono))
                msg = "too similiar";
-        else if (strstr(strcat(wrapped, wrapped), newmono))
+        else {
-                msg = "rotated";
+                safe_strncpy(wrapped + lenwrap, wrapped, lenwrap + 1);
+                if (strstr(wrapped, newmono))
+                        msg = "rotated";
+        }
        bzero(newmono, strlen(newmono));
        bzero(wrapped, lenwrap);
author	Eric Andersen <andersen@codepoet.org>	2003-07-30 07:57:06 +0000
committer	Eric Andersen <andersen@codepoet.org>	2003-07-30 07:57:06 +0000
commit	3124a9ecee24769f395d3dc4179a5f0e9268b5c0 (patch)
tree	dad288a73ce6097ccba604031e4b28907986cc32 /libbb/obscure.c
parent	b99aec0ba5b5b5f7f565c89bb0dab158d7342fee (diff)
download	busybox-w32-3124a9ecee24769f395d3dc4179a5f0e9268b5c0.tar.gz busybox-w32-3124a9ecee24769f395d3dc4179a5f0e9268b5c0.tar.bz2 busybox-w32-3124a9ecee24769f395d3dc4179a5f0e9268b5c0.zip