| From 33d7fa4585247cd2247a1ffa032ad245836c6edb Mon Sep 17 00:00:00 2001 |
| From: Jan Dittberner <jan@dittberner.info> |
| Date: Thu, 25 Aug 2016 17:17:53 +0200 |
| Subject: [PATCH] Fix a buffer overflow processing long words |
| |
| A buffer overflow processing long words has been discovered. This commit |
| applies the patch from |
| https://build.opensuse.org/package/view_file/Base:System/cracklib/0004-overflow-processing-long-words.patch |
| by Howard Guo. |
| |
| See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835386 and |
| http://www.openwall.com/lists/oss-security/2016/08/23/8 |
| |
| Signed-off-by: Stefan SΓΈrensen <stefan.sorensen@spectralink.com> |
| --- |
| |
| Status: upstream, not yet released. |
| |
| lib/rules.c | 5 ++--- |
| 2 files changed, 3 insertions(+), 3 deletions(-) |
| |
| diff --git a/lib/rules.c b/lib/rules.c |
| index d193cc0..3a2aa46 100644 |
| --- a/lib/rules.c |
| +++ b/lib/rules.c |
| @@ -434,9 +434,8 @@ Mangle(input, control) /* returns a pointer to a controlled Mangle */ |
| { |
| int limit; |
| register char *ptr; |
| - static char area[STRINGSIZE]; |
| - char area2[STRINGSIZE]; |
| - area[0] = '\0'; |
| + static char area[STRINGSIZE * 2] = {0}; |
| + char area2[STRINGSIZE * 2] = {0}; |
| strcpy(area, input); |
| |
| for (ptr = control; *ptr; ptr++) |
| -- |
| 2.9.3 |
| |
