diff options
Diffstat (limited to 'meta/recipes-core/tinylogin/tinylogin-1.4/passwd_rotate_check.patch')
-rw-r--r-- | meta/recipes-core/tinylogin/tinylogin-1.4/passwd_rotate_check.patch | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-core/tinylogin/tinylogin-1.4/passwd_rotate_check.patch b/meta/recipes-core/tinylogin/tinylogin-1.4/passwd_rotate_check.patch new file mode 100644 index 0000000000..c602493afc --- /dev/null +++ b/meta/recipes-core/tinylogin/tinylogin-1.4/passwd_rotate_check.patch @@ -0,0 +1,39 @@ +Fix rotate check logic + +Rotate passwd checking code has logic error, which writes data into +un-allocated memory. This patch fixes the issue. + +Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com> + +diff --git a/libbb/obscure.c b/libbb/obscure.c +index 750b611..4a07b5f 100644 +--- a/libbb/obscure.c ++++ b/libbb/obscure.c +@@ -135,7 +135,7 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp) + { + const char *msg; + char *newmono, *wrapped; +- int lenwrap; ++ int lenold, lenwrap; + + if (strcmp(newval, old) == 0) + return "no change"; +@@ -144,7 +144,8 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp) + + msg = NULL; + newmono = str_lower(xstrdup(newval)); +- lenwrap = strlen(old) * 2 + 1; ++ lenold = strlen(old); ++ lenwrap = lenold * 2 + 1; + wrapped = (char *) xmalloc(lenwrap); + str_lower(strcpy(wrapped, old)); + +@@ -158,7 +159,7 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp) + msg = "too similiar"; + + else { +- safe_strncpy(wrapped + lenwrap, wrapped, lenwrap + 1); ++ safe_strncpy(wrapped + lenold, wrapped, lenold + 1); + if (strstr(wrapped, newmono)) + msg = "rotated"; + } |