From 3124a9ecee24769f395d3dc4179a5f0e9268b5c0 Mon Sep 17 00:00:00 2001
From: Eric Andersen <andersen@codepoet.org>
Date: Wed, 30 Jul 2003 07:57:06 +0000
Subject: Vladimir N. Oleynik writes:

    This moment have algoritmicaly problem, not overflow:
    strcat(wrapped, wrapped) - may be looped.

    Hand patch:

    - else if (strstr(strcat(wrapped, wrapped), newmono))
    + else {
    +    safe_strncpy(wrapped + lenwrap, wrapped, lenwrap + 1);
    +    if (strstr(wrapped, newmono))
    +}

    --w
    vodz
---
 libbb/obscure.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'libbb/obscure.c')

diff --git a/libbb/obscure.c b/libbb/obscure.c
index 1a99b7cf9..537d4484f 100644
--- a/libbb/obscure.c
+++ b/libbb/obscure.c
@@ -157,8 +157,11 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp)
 	else if (similiar(wrapped, newmono))
 		msg = "too similiar";
 
-	else if (strstr(strcat(wrapped, wrapped), newmono))
-		msg = "rotated";
+	else {
+		safe_strncpy(wrapped + lenwrap, wrapped, lenwrap + 1);
+		if (strstr(wrapped, newmono))
+			msg = "rotated";
+	}
 
 	bzero(newmono, strlen(newmono));
 	bzero(wrapped, lenwrap);
-- 
cgit v1.2.3