|
|
Re: patch to login, dmesg and obscure: msg#00241linux.busybox
On Wed Jul 30, 2003 at 11:22:40AM +0400, Vladimir N. Oleynik wrote: > >>* libbb/obscure.c:password_check() > >>There was a buffer overflow bug which cased passwd command to segfault > >>when invoked by any other than the superuser. > > This moment have algoritmicaly problem, not overflow: > strcat(wrapped, wrapped) - may be looped. > > Hand patch: > > - else if (strstr(strcat(wrapped, wrapped), newmono)) > + else { > + safe_strncpy(wrapped + lenwrap, wrapped, lenwrap + 1); > + if (strstr(wrapped, newmono)) > +} Yipe! strcat(wrapped, wrapped) is very evil! Good find vodz! -Erik -- Erik B. Andersen http://codepoet-consulting.com/ --This message was written using 73% post-consumer electrons-- |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | Re: patch to login, dmesg and obscure: 00241, Vladimir N. Oleynik |
|---|---|
| Next by Date: | Re: v4tunnels in ifupdown: 00241, Erik Andersen |
| Previous by Thread: | Re: patch to login, dmesg and obscurei: 00241, Erik Andersen |
| Next by Thread: | Re: patch to login, dmesg and obscure: 00241, Vladimir N. Oleynik |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | FAQ | advertise |