| From 33d7fa4585247cd2247a1ffa032ad245836c6edb Mon Sep 17 00:00:00 2001 |
| From: Jan Dittberner <jan@dittberner.info> |
| Date: Thu, 25 Aug 2016 17:17:53 +0200 |
| Subject: [PATCH] Fix a buffer overflow processing long words |
| |
| A buffer overflow processing long words has been discovered. This commit |
| applies the patch from |
| https://build.opensuse.org/package/view_file/Base:System/cracklib/0004-overflow-processing-long-words.patch |
| by Howard Guo. |
| |
| See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835386 and |
| http://www.openwall.com/lists/oss-security/2016/08/23/8 |
| --- |
| src/NEWS | 1 + |
| src/lib/rules.c | 5 ++--- |
| 2 files changed, 3 insertions(+), 3 deletions(-) |
| |
| diff --git a/src/NEWS b/src/NEWS |
| index 361a207..f1df3b0 100644 |
| --- a/src/NEWS |
| +++ b/src/NEWS |
| @@ -1,4 +1,5 @@ |
| v2.9.x apply patch to fix CVE-2016-6318 Stack-based buffer overflow when parsing large GECOS field |
| + fix a buffer overflow processing long words |
| v2.9.6 updates to cracklib-words to add a bunch of other dictionary lists |
| migration to github |
| patch to add some particularly bad cases to the cracklib small dictionary (Matthew Miller) |
| diff --git a/src/lib/rules.c b/src/lib/rules.c |
| index d193cc0..3a2aa46 100644 |
| --- a/src/lib/rules.c |
| +++ b/src/lib/rules.c |
| @@ -434,9 +434,8 @@ Mangle(input, control) /* returns a pointer to a controlled Mangle */ |
| { |
| int limit; |
| register char *ptr; |
| - static char area[STRINGSIZE]; |
| - char area2[STRINGSIZE]; |
| - area[0] = '\0'; |
| + static char area[STRINGSIZE * 2] = {0}; |
| + char area2[STRINGSIZE * 2] = {0}; |
| strcpy(area, input); |
| |
| for (ptr = control; *ptr; ptr++) |
