diff options
| author | Eric Andersen <andersen@codepoet.org> | 2003-07-30 07:57:06 +0000 |
|---|---|---|
| committer | Eric Andersen <andersen@codepoet.org> | 2003-07-30 07:57:06 +0000 |
| commit | 3124a9ecee24769f395d3dc4179a5f0e9268b5c0 (patch) | |
| tree | dad288a73ce6097ccba604031e4b28907986cc32 /libbb/obscure.c | |
| parent | b99aec0ba5b5b5f7f565c89bb0dab158d7342fee (diff) | |
| download | busybox-w32-3124a9ecee24769f395d3dc4179a5f0e9268b5c0.tar.gz busybox-w32-3124a9ecee24769f395d3dc4179a5f0e9268b5c0.tar.bz2 busybox-w32-3124a9ecee24769f395d3dc4179a5f0e9268b5c0.zip | |
Vladimir N. Oleynik writes:
This moment have algoritmicaly problem, not overflow:
strcat(wrapped, wrapped) - may be looped.
Hand patch:
- else if (strstr(strcat(wrapped, wrapped), newmono))
+ else {
+ safe_strncpy(wrapped + lenwrap, wrapped, lenwrap + 1);
+ if (strstr(wrapped, newmono))
+}
--w
vodz
Diffstat (limited to 'libbb/obscure.c')
| -rw-r--r-- | libbb/obscure.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/libbb/obscure.c b/libbb/obscure.c index 1a99b7cf9..537d4484f 100644 --- a/libbb/obscure.c +++ b/libbb/obscure.c | |||
| @@ -157,8 +157,11 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp) | |||
| 157 | else if (similiar(wrapped, newmono)) | 157 | else if (similiar(wrapped, newmono)) |
| 158 | msg = "too similiar"; | 158 | msg = "too similiar"; |
| 159 | 159 | ||
| 160 | else if (strstr(strcat(wrapped, wrapped), newmono)) | 160 | else { |
| 161 | msg = "rotated"; | 161 | safe_strncpy(wrapped + lenwrap, wrapped, lenwrap + 1); |
| 162 | if (strstr(wrapped, newmono)) | ||
| 163 | msg = "rotated"; | ||
| 164 | } | ||
| 162 | 165 | ||
| 163 | bzero(newmono, strlen(newmono)); | 166 | bzero(newmono, strlen(newmono)); |
| 164 | bzero(wrapped, lenwrap); | 167 | bzero(wrapped, lenwrap); |