tinylogin: Fix rotate passwd check logic
Fix rotate passwd check logic which will write data into un-allocated memory. This fixes [YOCTO #735] (From OE-Core rev: 4499beb9ef70d207e0d1f60eae77634a77fc44c3) Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
parent
2c52b652bf
commit
10ce85af33
|
@ -0,0 +1,39 @@
|
||||||
|
Fix rotate check logic
|
||||||
|
|
||||||
|
Rotate passwd checking code has logic error, which writes data into
|
||||||
|
un-allocated memory. This patch fixes the issue.
|
||||||
|
|
||||||
|
Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com>
|
||||||
|
|
||||||
|
diff --git a/libbb/obscure.c b/libbb/obscure.c
|
||||||
|
index 750b611..4a07b5f 100644
|
||||||
|
--- a/libbb/obscure.c
|
||||||
|
+++ b/libbb/obscure.c
|
||||||
|
@@ -135,7 +135,7 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp)
|
||||||
|
{
|
||||||
|
const char *msg;
|
||||||
|
char *newmono, *wrapped;
|
||||||
|
- int lenwrap;
|
||||||
|
+ int lenold, lenwrap;
|
||||||
|
|
||||||
|
if (strcmp(newval, old) == 0)
|
||||||
|
return "no change";
|
||||||
|
@@ -144,7 +144,8 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp)
|
||||||
|
|
||||||
|
msg = NULL;
|
||||||
|
newmono = str_lower(xstrdup(newval));
|
||||||
|
- lenwrap = strlen(old) * 2 + 1;
|
||||||
|
+ lenold = strlen(old);
|
||||||
|
+ lenwrap = lenold * 2 + 1;
|
||||||
|
wrapped = (char *) xmalloc(lenwrap);
|
||||||
|
str_lower(strcpy(wrapped, old));
|
||||||
|
|
||||||
|
@@ -158,7 +159,7 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp)
|
||||||
|
msg = "too similiar";
|
||||||
|
|
||||||
|
else {
|
||||||
|
- safe_strncpy(wrapped + lenwrap, wrapped, lenwrap + 1);
|
||||||
|
+ safe_strncpy(wrapped + lenold, wrapped, lenold + 1);
|
||||||
|
if (strstr(wrapped, newmono))
|
||||||
|
msg = "rotated";
|
||||||
|
}
|
|
@ -7,14 +7,15 @@ and groups on an embedded system."
|
||||||
HOMEPAGE = "http://tinylogin.busybox.net/"
|
HOMEPAGE = "http://tinylogin.busybox.net/"
|
||||||
LICENSE = "GPLv2"
|
LICENSE = "GPLv2"
|
||||||
LIC_FILES_CHKSUM="file://LICENSE;md5=f1060fa3a366f098b5b1d8c2077ba269"
|
LIC_FILES_CHKSUM="file://LICENSE;md5=f1060fa3a366f098b5b1d8c2077ba269"
|
||||||
PR = "r5"
|
PR = "r6"
|
||||||
|
|
||||||
SRC_URI = "http://tinylogin.busybox.net/downloads/tinylogin-${PV}.tar.bz2 \
|
SRC_URI = "http://tinylogin.busybox.net/downloads/tinylogin-${PV}.tar.bz2 \
|
||||||
file://cvs-20040608.patch;patch=1;pnum=1 \
|
file://cvs-20040608.patch;patch=1;pnum=1 \
|
||||||
file://add-system.patch;patch=1;pnum=1 \
|
file://add-system.patch;patch=1;pnum=1 \
|
||||||
file://adduser-empty_pwd.patch;patch=1 \
|
file://adduser-empty_pwd.patch;patch=1 \
|
||||||
file://remove-index.patch;patch=1 \
|
file://remove-index.patch;patch=1 \
|
||||||
file://use_O2_option.patch"
|
file://use_O2_option.patch \
|
||||||
|
file://passwd_rotate_check.patch"
|
||||||
|
|
||||||
SRC_URI[md5sum] = "44da0ff2b727455669890b24305e351d"
|
SRC_URI[md5sum] = "44da0ff2b727455669890b24305e351d"
|
||||||
SRC_URI[sha256sum] = "5e542e4b7825305a3678bf73136c392feb0d44b8bbf926e8eda5453eea7ddd6b"
|
SRC_URI[sha256sum] = "5e542e4b7825305a3678bf73136c392feb0d44b8bbf926e8eda5453eea7ddd6b"
|
||||||
|
|
Loading…
Reference in New Issue