1 files changed, 39 insertions, 0 deletions

diff --git a/meta/recipes-core/tinylogin/tinylogin-1.4/passwd_rotate_check.patch b/meta/recipes-core/tinylogin/tinylogin-1.4/passwd_rotate_check.patch
new file mode 100644
index 0000000000..c602493afc
--- /dev/null
+++ b/meta/recipes-core/tinylogin/tinylogin-1.4/passwd_rotate_check.patch
@@ -0,0 +1,39 @@
+Fix rotate check logic
+
+Rotate passwd checking code has logic error, which writes data into
+un-allocated memory. This patch fixes the issue.
+
+Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com>
+
+diff --git a/libbb/obscure.c b/libbb/obscure.c
+index 750b611..4a07b5f 100644
+--- a/libbb/obscure.c
++++ b/libbb/obscure.c
+@@ -135,7 +135,7 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp)
+ {
+ 	const char *msg;
+ 	char *newmono, *wrapped;
+-	int lenwrap;
++	int lenold, lenwrap;
+ 
+ 	if (strcmp(newval, old) == 0)
+ 		return "no change";
+@@ -144,7 +144,8 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp)
+ 
+ 	msg = NULL;
+ 	newmono = str_lower(xstrdup(newval));
+-	lenwrap = strlen(old) * 2 + 1;
++	lenold = strlen(old);
++	lenwrap = lenold * 2 + 1;
+ 	wrapped = (char *) xmalloc(lenwrap);
+ 	str_lower(strcpy(wrapped, old));
+ 
+@@ -158,7 +159,7 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp)
+ 		msg = "too similiar";
+ 
+ 	else {
+-		safe_strncpy(wrapped + lenwrap, wrapped, lenwrap + 1);
++		safe_strncpy(wrapped + lenold, wrapped, lenold + 1);
+ 		if (strstr(wrapped, newmono))
+ 			msg = "rotated";
+ 	}