sysmo-bts
/
generic-poky
9
0
Fork 0
Code Pull Requests Releases Activity

cracklib: Apply patch to fix CVE-2016-6318 

Fix CVE-2016-6318

Backport from cracklib upstream:

47e5dec521

(From OE-Core rev: bc7691c47f21a7d7549788fe0370c3080fc4dff5)

Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Dengke Du 2016-09-23 03:15:20 -04:00 committed by Richard Purdie
parent 36accdb93f
commit 37f7c03154
2 changed files with 106 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

105
meta/recipes-extended/cracklib/cracklib/0001-Apply-patch-to-fix-CVE-2016-6318.patch Normal file
View File

@ -0,0 +1,105 @@
From 47e5dec521ab6243c9b249dd65b93d232d90d6b1 Mon Sep 17 00:00:00 2001
From: Jan Dittberner <jan@dittberner.info>
Date: Thu, 25 Aug 2016 17:13:49 +0200
Subject: [PATCH] Apply patch to fix CVE-2016-6318
This patch fixes an issue with a stack-based buffer overflow when
parsing large GECOS field. See
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318 and
https://security-tracker.debian.org/tracker/CVE-2016-6318 for more
information.
Upstream-Status: Backport [https://github.com/cracklib/cracklib/commit/47e5dec521ab6243c9b249dd65b93d232d90d6b1]
CVE: CVE-2016-6318
Signed-off-by: Dengke Du <dengke.du@windriver.com>
---
lib/fascist.c | 57 ++++++++++++++++++++++++++++++++-----------------------
1 file changed, 33 insertions(+), 24 deletions(-)
diff --git a/lib/fascist.c b/lib/fascist.c
index a996509..d4deb15 100644
--- a/lib/fascist.c
+++ b/lib/fascist.c
@@ -502,7 +502,7 @@ FascistGecosUser(char *password, const char *user, const char *gecos)
char gbuffer[STRINGSIZE];
char tbuffer[STRINGSIZE];
char *uwords[STRINGSIZE];
- char longbuffer[STRINGSIZE * 2];
+ char longbuffer[STRINGSIZE];
if (gecos == NULL)
gecos = "";
@@ -583,38 +583,47 @@ FascistGecosUser(char *password, const char *user, const char *gecos)
{
for (i = 0; i < j; i++)
{
- strcpy(longbuffer, uwords[i]);
- strcat(longbuffer, uwords[j]);
-
- if (GTry(longbuffer, password))
+ if (strlen(uwords[i]) + strlen(uwords[j]) < STRINGSIZE)
{
- return _("it is derived from your password entry");
- }
+ strcpy(longbuffer, uwords[i]);
+ strcat(longbuffer, uwords[j]);
- strcpy(longbuffer, uwords[j]);
- strcat(longbuffer, uwords[i]);
+ if (GTry(longbuffer, password))
+ {
+ return _("it is derived from your password entry");
+ }
- if (GTry(longbuffer, password))
- {
- return _("it's derived from your password entry");
- }
+ strcpy(longbuffer, uwords[j]);
+ strcat(longbuffer, uwords[i]);
- longbuffer[0] = uwords[i][0];
- longbuffer[1] = '\0';
- strcat(longbuffer, uwords[j]);
+ if (GTry(longbuffer, password))
+ {
+ return _("it's derived from your password entry");
+ }
+ }
- if (GTry(longbuffer, password))
+ if (strlen(uwords[j]) < STRINGSIZE - 1)
{
- return _("it is derivable from your password entry");
+ longbuffer[0] = uwords[i][0];
+ longbuffer[1] = '\0';
+ strcat(longbuffer, uwords[j]);
+
+ if (GTry(longbuffer, password))
+ {
+ return _("it is derivable from your password entry");
+ }
}
- longbuffer[0] = uwords[j][0];
- longbuffer[1] = '\0';
- strcat(longbuffer, uwords[i]);
-
- if (GTry(longbuffer, password))
+ if (strlen(uwords[i]) < STRINGSIZE - 1)
{
- return _("it's derivable from your password entry");
+ longbuffer[0] = uwords[j][0];
+ longbuffer[1] = '\0';
+ strcat(longbuffer, uwords[i]);
+
+ if (GTry(longbuffer, password))
+ {
+ return _("it's derivable from your password entry");
+ }
}
}
}
--
2.8.1

1
meta/recipes-extended/cracklib/cracklib_2.9.5.bb
View File

@ -10,6 +10,7 @@ EXTRA_OECONF = "--without-python --libdir=${base_libdir}"
SRC_URI = "${SOURCEFORGE_MIRROR}/cracklib/cracklib-${PV}.tar.gz \
file://0001-packlib.c-support-dictionary-byte-order-dependent.patch \
file://0001-Apply-patch-to-fix-CVE-2016-6318.patch \
file://0002-craklib-fix-testnum-and-teststr-failed.patch"
SRC_URI[md5sum] = "376790a95c1fb645e59e6e9803c78582"