author | Eric Andersen <andersen@codepoet.org> | 2003-07-30 07:57:06 +0000 |
---|---|---|
committer | Eric Andersen <andersen@codepoet.org> | 2003-07-30 07:57:06 +0000 |
commit | 3124a9ecee24769f395d3dc4179a5f0e9268b5c0 (patch) | |
tree | dad288a73ce6097ccba604031e4b28907986cc32 | |
parent | b99aec0ba5b5b5f7f565c89bb0dab158d7342fee (diff) | |
download | busybox-3124a9ecee24769f395d3dc4179a5f0e9268b5c0.tar.gz |
Vladimir N. Oleynik writes:
This spot has an algorithmic problem, not an overflow:
strcat(wrapped, wrapped) - may be looped.
Hand patch:
- else if (strstr(strcat(wrapped, wrapped), newmono))
+ else {
+ safe_strncpy(wrapped + lenwrap, wrapped, lenwrap + 1);
+ if (strstr(wrapped, newmono))
+}
--w
vodz
-rw-r--r-- | libbb/obscure.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/libbb/obscure.c b/libbb/obscure.c
index 1a99b7cf9..537d4484f 100644
--- a/libbb/obscure.c
+++ b/libbb/obscure.c
@@ -157,8 +157,11 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp)
 else if (similiar(wrapped, newmono))
 msg = "too similiar";
- else if (strstr(strcat(wrapped, wrapped), newmono))
- msg = "rotated";
+ else {
+ safe_strncpy(wrapped + lenwrap, wrapped, lenwrap + 1);
+ if (strstr(wrapped, newmono))
+ msg = "rotated";
+ }
 bzero(newmono, strlen(newmono));
 bzero(wrapped, lenwrap); |
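Review bot: The cleanup at the end of the hunk, `bzero(wrapped, lenwrap);`, wipes only the first `lenwrap` bytes, but once the new `else` block has run the buffer holds two back-to-back copies of `wrapped`, so the second copy is left in heap memory. `wrapped` appears to be derived from the old password, so the wipe should cover the doubled region, e.g. `bzero(wrapped, lenwrap * 2);`, provided the buffer is allocated with at least `lenwrap * 2 + 1` bytes. The added `safe_strncpy(wrapped + lenwrap, wrapped, lenwrap + 1)` also stays within bounds and non-overlapping only if `lenwrap == strlen(wrapped)` and the allocation has that size. Neither is visible here, because the body of `password_check` starts and ends outside the hunk, so a comment such as `/* wrapped has room for 2*lenwrap+1 bytes; lenwrap == strlen(wrapped) */` above the copy would record the invariant.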