From 4499beb9ef70d207e0d1f60eae77634a77fc44c3 Mon Sep 17 00:00:00 2001
From: Dongxiao Xu <dongxiao.xu@intel.com>
Date: Thu, 10 Mar 2011 12:33:26 +0800
Subject: tinylogin: Fix rotate passwd check logic

Fix rotate passwd check logic which will write data into un-allocated
memory.

This fixes [YOCTO #735]

Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com>
---
 .../tinylogin-1.4/passwd_rotate_check.patch        | 39 ++++++++++++++++++++++
 meta/recipes-core/tinylogin/tinylogin_1.4.bb       |  5 +--
 2 files changed, 42 insertions(+), 2 deletions(-)
 create mode 100644 meta/recipes-core/tinylogin/tinylogin-1.4/passwd_rotate_check.patch

(limited to 'meta/recipes-core/tinylogin')

diff --git a/meta/recipes-core/tinylogin/tinylogin-1.4/passwd_rotate_check.patch b/meta/recipes-core/tinylogin/tinylogin-1.4/passwd_rotate_check.patch
new file mode 100644
index 0000000000..c602493afc
--- /dev/null
+++ b/meta/recipes-core/tinylogin/tinylogin-1.4/passwd_rotate_check.patch
@@ -0,0 +1,39 @@
+Fix rotate check logic
+
+Rotate passwd checking code has logic error, which writes data into
+un-allocated memory. This patch fixes the issue.
+
+Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com>
+
+diff --git a/libbb/obscure.c b/libbb/obscure.c
+index 750b611..4a07b5f 100644
+--- a/libbb/obscure.c
++++ b/libbb/obscure.c
+@@ -135,7 +135,7 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp)
+ {
+ 	const char *msg;
+ 	char *newmono, *wrapped;
+-	int lenwrap;
++	int lenold, lenwrap;
+ 
+ 	if (strcmp(newval, old) == 0)
+ 		return "no change";
+@@ -144,7 +144,8 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp)
+ 
+ 	msg = NULL;
+ 	newmono = str_lower(xstrdup(newval));
+-	lenwrap = strlen(old) * 2 + 1;
++	lenold = strlen(old);
++	lenwrap = lenold * 2 + 1;
+ 	wrapped = (char *) xmalloc(lenwrap);
+ 	str_lower(strcpy(wrapped, old));
+ 
+@@ -158,7 +159,7 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp)
+ 		msg = "too similiar";
+ 
+ 	else {
+-		safe_strncpy(wrapped + lenwrap, wrapped, lenwrap + 1);
++		safe_strncpy(wrapped + lenold, wrapped, lenold + 1);
+ 		if (strstr(wrapped, newmono))
+ 			msg = "rotated";
+ 	}
diff --git a/meta/recipes-core/tinylogin/tinylogin_1.4.bb b/meta/recipes-core/tinylogin/tinylogin_1.4.bb
index df626cf72b..0b51b25853 100644
--- a/meta/recipes-core/tinylogin/tinylogin_1.4.bb
+++ b/meta/recipes-core/tinylogin/tinylogin_1.4.bb
@@ -7,14 +7,15 @@ and groups on an embedded system."
 HOMEPAGE = "http://tinylogin.busybox.net/"
 LICENSE = "GPLv2"
 LIC_FILES_CHKSUM="file://LICENSE;md5=f1060fa3a366f098b5b1d8c2077ba269"
-PR = "r5"
+PR = "r6"
 
 SRC_URI = "http://tinylogin.busybox.net/downloads/tinylogin-${PV}.tar.bz2 \
 	file://cvs-20040608.patch;patch=1;pnum=1 \
 	file://add-system.patch;patch=1;pnum=1 \
 	file://adduser-empty_pwd.patch;patch=1 \
 	file://remove-index.patch;patch=1 \
-	file://use_O2_option.patch"
+	file://use_O2_option.patch \
+	file://passwd_rotate_check.patch"
 
 SRC_URI[md5sum] = "44da0ff2b727455669890b24305e351d"
 SRC_URI[sha256sum] = "5e542e4b7825305a3678bf73136c392feb0d44b8bbf926e8eda5453eea7ddd6b"
-- 
cgit 1.2.3-korg