[BusyBox] patch to login, dmesg and obscure
Erik Andersen
andersen at codepoet.org
Wed Jul 30 07:55:26 UTC 2003
On Wed Jul 30, 2003 at 11:22:40AM +0400, Vladimir N. Oleynik wrote:
> >>* libbb/obscure.c:password_check()
> >>There was a buffer overflow bug which cased passwd command to segfault
> >>when invoked by any other than the superuser.
>
> This moment have algoritmicaly problem, not overflow:
> strcat(wrapped, wrapped) - may be looped.
>
> Hand patch:
>
> - else if (strstr(strcat(wrapped, wrapped), newmono))
> + else {
> + safe_strncpy(wrapped + lenwrap, wrapped, lenwrap + 1);
> + if (strstr(wrapped, newmono))
> +}
Yipe! strcat(wrapped, wrapped) is very evil!
Good find vodz!
-Erik
--
Erik B. Andersen http://codepoet-consulting.com/
--This message was written using 73% post-consumer electrons--
More information about the busybox
mailing list