diff options
| author | andersen <andersen@69ca8d6d-28ef-0310-b511-8ec308f3f277> | 2003-07-30 07:57:06 +0000 |
|---|---|---|
| committer | andersen <andersen@69ca8d6d-28ef-0310-b511-8ec308f3f277> | 2003-07-30 07:57:06 +0000 |
| commit | 3958628beec198995aac17557df679fe1b39eabe (patch) | |
| tree | dad288a73ce6097ccba604031e4b28907986cc32 /libbb | |
| parent | 2301f6da5c26b7223dbd3228f2a3f43bdde3db94 (diff) | |
| download | busybox-w32-3958628beec198995aac17557df679fe1b39eabe.tar.gz busybox-w32-3958628beec198995aac17557df679fe1b39eabe.tar.bz2 busybox-w32-3958628beec198995aac17557df679fe1b39eabe.zip | |
Vladimir N. Oleynik writes:
This moment have algoritmicaly problem, not overflow:
strcat(wrapped, wrapped) - may be looped.
Hand patch:
- else if (strstr(strcat(wrapped, wrapped), newmono))
+ else {
+ safe_strncpy(wrapped + lenwrap, wrapped, lenwrap + 1);
+ if (strstr(wrapped, newmono))
+}
--w
vodz
git-svn-id: svn://busybox.net/trunk/busybox@7137 69ca8d6d-28ef-0310-b511-8ec308f3f277
Diffstat (limited to 'libbb')
| -rw-r--r-- | libbb/obscure.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/libbb/obscure.c b/libbb/obscure.c index 1a99b7cf9..537d4484f 100644 --- a/libbb/obscure.c +++ b/libbb/obscure.c | |||
| @@ -157,8 +157,11 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp) | |||
| 157 | else if (similiar(wrapped, newmono)) | 157 | else if (similiar(wrapped, newmono)) |
| 158 | msg = "too similiar"; | 158 | msg = "too similiar"; |
| 159 | 159 | ||
| 160 | else if (strstr(strcat(wrapped, wrapped), newmono)) | 160 | else { |
| 161 | msg = "rotated"; | 161 | safe_strncpy(wrapped + lenwrap, wrapped, lenwrap + 1); |
| 162 | if (strstr(wrapped, newmono)) | ||
| 163 | msg = "rotated"; | ||
| 164 | } | ||
| 162 | 165 | ||
| 163 | bzero(newmono, strlen(newmono)); | 166 | bzero(newmono, strlen(newmono)); |
| 164 | bzero(wrapped, lenwrap); | 167 | bzero(wrapped, lenwrap); |