cracklib: Apply patch to fix CVE-2016-6318
Fix CVE-2016-6318
Backport from cracklib upstream:
47e5dec521
(From OE-Core rev: bc7691c47f21a7d7549788fe0370c3080fc4dff5)
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
parent
36accdb93f
commit
37f7c03154
|
@ -0,0 +1,105 @@
|
|||
From 47e5dec521ab6243c9b249dd65b93d232d90d6b1 Mon Sep 17 00:00:00 2001
|
||||
From: Jan Dittberner <jan@dittberner.info>
|
||||
Date: Thu, 25 Aug 2016 17:13:49 +0200
|
||||
Subject: [PATCH] Apply patch to fix CVE-2016-6318
|
||||
|
||||
This patch fixes an issue with a stack-based buffer overflow when
|
||||
parsing large GECOS field. See
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318 and
|
||||
https://security-tracker.debian.org/tracker/CVE-2016-6318 for more
|
||||
information.
|
||||
|
||||
Upstream-Status: Backport [https://github.com/cracklib/cracklib/commit/47e5dec521ab6243c9b249dd65b93d232d90d6b1]
|
||||
CVE: CVE-2016-6318
|
||||
Signed-off-by: Dengke Du <dengke.du@windriver.com>
|
||||
---
|
||||
lib/fascist.c | 57 ++++++++++++++++++++++++++++++++-----------------------
|
||||
1 file changed, 33 insertions(+), 24 deletions(-)
|
||||
|
||||
diff --git a/lib/fascist.c b/lib/fascist.c
|
||||
index a996509..d4deb15 100644
|
||||
--- a/lib/fascist.c
|
||||
+++ b/lib/fascist.c
|
||||
@@ -502,7 +502,7 @@ FascistGecosUser(char *password, const char *user, const char *gecos)
|
||||
char gbuffer[STRINGSIZE];
|
||||
char tbuffer[STRINGSIZE];
|
||||
char *uwords[STRINGSIZE];
|
||||
- char longbuffer[STRINGSIZE * 2];
|
||||
+ char longbuffer[STRINGSIZE];
|
||||
|
||||
if (gecos == NULL)
|
||||
gecos = "";
|
||||
@@ -583,38 +583,47 @@ FascistGecosUser(char *password, const char *user, const char *gecos)
|
||||
{
|
||||
for (i = 0; i < j; i++)
|
||||
{
|
||||
- strcpy(longbuffer, uwords[i]);
|
||||
- strcat(longbuffer, uwords[j]);
|
||||
-
|
||||
- if (GTry(longbuffer, password))
|
||||
+ if (strlen(uwords[i]) + strlen(uwords[j]) < STRINGSIZE)
|
||||
{
|
||||
- return _("it is derived from your password entry");
|
||||
- }
|
||||
+ strcpy(longbuffer, uwords[i]);
|
||||
+ strcat(longbuffer, uwords[j]);
|
||||
|
||||
- strcpy(longbuffer, uwords[j]);
|
||||
- strcat(longbuffer, uwords[i]);
|
||||
+ if (GTry(longbuffer, password))
|
||||
+ {
|
||||
+ return _("it is derived from your password entry");
|
||||
+ }
|
||||
|
||||
- if (GTry(longbuffer, password))
|
||||
- {
|
||||
- return _("it's derived from your password entry");
|
||||
- }
|
||||
+ strcpy(longbuffer, uwords[j]);
|
||||
+ strcat(longbuffer, uwords[i]);
|
||||
|
||||
- longbuffer[0] = uwords[i][0];
|
||||
- longbuffer[1] = '\0';
|
||||
- strcat(longbuffer, uwords[j]);
|
||||
+ if (GTry(longbuffer, password))
|
||||
+ {
|
||||
+ return _("it's derived from your password entry");
|
||||
+ }
|
||||
+ }
|
||||
|
||||
- if (GTry(longbuffer, password))
|
||||
+ if (strlen(uwords[j]) < STRINGSIZE - 1)
|
||||
{
|
||||
- return _("it is derivable from your password entry");
|
||||
+ longbuffer[0] = uwords[i][0];
|
||||
+ longbuffer[1] = '\0';
|
||||
+ strcat(longbuffer, uwords[j]);
|
||||
+
|
||||
+ if (GTry(longbuffer, password))
|
||||
+ {
|
||||
+ return _("it is derivable from your password entry");
|
||||
+ }
|
||||
}
|
||||
|
||||
- longbuffer[0] = uwords[j][0];
|
||||
- longbuffer[1] = '\0';
|
||||
- strcat(longbuffer, uwords[i]);
|
||||
-
|
||||
- if (GTry(longbuffer, password))
|
||||
+ if (strlen(uwords[i]) < STRINGSIZE - 1)
|
||||
{
|
||||
- return _("it's derivable from your password entry");
|
||||
+ longbuffer[0] = uwords[j][0];
|
||||
+ longbuffer[1] = '\0';
|
||||
+ strcat(longbuffer, uwords[i]);
|
||||
+
|
||||
+ if (GTry(longbuffer, password))
|
||||
+ {
|
||||
+ return _("it's derivable from your password entry");
|
||||
+ }
|
||||
}
|
||||
}
|
||||
}
|
||||
--
|
||||
2.8.1
|
||||
|
|
@ -10,6 +10,7 @@ EXTRA_OECONF = "--without-python --libdir=${base_libdir}"
|
|||
|
||||
SRC_URI = "${SOURCEFORGE_MIRROR}/cracklib/cracklib-${PV}.tar.gz \
|
||||
file://0001-packlib.c-support-dictionary-byte-order-dependent.patch \
|
||||
file://0001-Apply-patch-to-fix-CVE-2016-6318.patch \
|
||||
file://0002-craklib-fix-testnum-and-teststr-failed.patch"
|
||||
|
||||
SRC_URI[md5sum] = "376790a95c1fb645e59e6e9803c78582"
|
||||
|
|
Loading…
Reference in New Issue