|
|
Re: patch to login, dmesg and obscure: msg#00212linux.busybox
> > * libbb/obscure.c:password_check() > > There was a buffer overflow bug which cased passwd command to > > segfault when invoked by any other than the superuser. > > from libbb/obscure.c:password_check() > newmono = str_lower(bb_xstrdup(newval)); > lenwrap = strlen(old) * 2 + 1; > wrapped = (char *) xmalloc(lenwrap); > wrapped have size(old) * 2 +1. This can`t overflow for rotate check. > Are you realy sure?? Becuse some lines down ther's a strcat(wrapped, wrapped) instruction where the actual overflow occure. This is an excerpt from STRCAT(3) manpage: DESCRIPTION The strcat() function appends the src string to the dest string over writing the `\0' character at the end of dest, and then adds a terminating `\0' character. The strings may not overlap, and the dest string must have enough space for the result. Which clearly says the used behaviour is illegal. > > * util-linux/dmesg.c: > But, CONFIG_FEATURE_CLEAN_UP is very not require. > > You must add > #ifdef CONFIG_FEATURE_CLEAN_UP > = NULL; > #endif > To your patch. ok, I'll fix it. /Ronny |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | Re: Some problems with busybox-1.0.0-pre1: 00212, Eric Spakman |
|---|---|
| Next by Date: | Re: Some problems with busybox-1.0.0-pre1: 00212, Eric Spakman |
| Previous by Thread: | Re: patch to login, dmesg and obscurei: 00212, Vladimir N. Oleynik |
| Next by Thread: | Re: patch to login, dmesg and obscure: 00212, Vladimir N. Oleynik |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | FAQ | advertise |