summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEric Andersen2003-07-30 07:57:06 +0000
committerEric Andersen2003-07-30 07:57:06 +0000
commit3124a9ecee24769f395d3dc4179a5f0e9268b5c0 (patch)
treedad288a73ce6097ccba604031e4b28907986cc32
parentb99aec0ba5b5b5f7f565c89bb0dab158d7342fee (diff)
downloadbusybox-3124a9ecee24769f395d3dc4179a5f0e9268b5c0.zip
busybox-3124a9ecee24769f395d3dc4179a5f0e9268b5c0.tar.gz
Vladimir N. Oleynik writes:
This moment have algoritmicaly problem, not overflow: strcat(wrapped, wrapped) - may be looped. Hand patch: - else if (strstr(strcat(wrapped, wrapped), newmono)) + else { + safe_strncpy(wrapped + lenwrap, wrapped, lenwrap + 1); + if (strstr(wrapped, newmono)) +} --w vodz
-rw-r--r--libbb/obscure.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/libbb/obscure.c b/libbb/obscure.c
index 1a99b7c..537d448 100644
--- a/libbb/obscure.c
+++ b/libbb/obscure.c
@@ -157,8 +157,11 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp)
else if (similiar(wrapped, newmono))
msg = "too similiar";
- else if (strstr(strcat(wrapped, wrapped), newmono))
- msg = "rotated";
+ else {
+ safe_strncpy(wrapped + lenwrap, wrapped, lenwrap + 1);
+ if (strstr(wrapped, newmono))
+ msg = "rotated";
+ }
bzero(newmono, strlen(newmono));
bzero(wrapped, lenwrap);