patch to login, dmesg and obscure: msg#00203 linux.busybox
Hi

I've discovered some bugs in the BusyBox unstable branch and since it doesn't seem to be fixed in the 1.0.0-pre1 release I created a patch with my changes. Description below:

* libbb/obscure.c:password_check()
  There was a buffer overflow bug which caused the passwd command to segfault when invoked by anyone other than the superuser.

* loginutils/login.c:
  The login process should always time out if the user doesn't log in successfully within a reasonable time. Otherwise we're sensitive to a DoS attack by simply doing a bunch of simultaneous telnet connections (deploys all available TTYs). This patch makes login.c terminate the connection after "TIMEOUT" seconds.

* util-linux/dmesg.c:
  If BusyBox was compiled with -DCONFIG_FEATURE_CLEAN_UP the dmesg command segfaults if invoked with the "-n" option. (Due to a free() of an uninitialized pointer.)

Are they good enough for inclusion?

Best regards
/Ronny Nilsson