author | Nathan Neulinger <nneul@neulinger.org> | 2012-12-08 03:56:31 +0000 |
---|---|---|
committer | Nathan Neulinger <nneul@neulinger.org> | 2012-12-08 03:56:31 +0000 |
commit | 2a115302281c1df3c4a30e1acfe77dc78efd6208 (patch) | |
tree | f15d6128ab57fc034b79a1195da0a997b77a690e | |
parent | d6f5bd58e3b08f82e69115bb171ff950108967d6 (diff) | |
download | cracklib-2a115302281c1df3c4a30e1acfe77dc78efd6208.tar.gz |
patch from Ivosh(iraisr) for small dictionary uninitialized buffer issue
git-svn-id: file:///tmp/cracklib-svn/trunk@201 4175fe1e-86d5-4fdc-8e6a-506fab9d8533
-rw-r--r-- | cracklib/NEWS | 1 | ||||
-rw-r--r-- | cracklib/lib/packer.h | 3 | ||||
-rw-r--r-- | cracklib/lib/packlib.c | 31 |
3 files changed, 19 insertions, 16 deletions
diff --git a/cracklib/NEWS b/cracklib/NEWS index c3facb8..78322e0 100644 --- a/cracklib/NEWS +++ b/cracklib/NEWS @@ -1,5 +1,6 @@ v2.8.20 include python/test_cracklib.py in release tarball (Jan Dittberner) rename python/_cracklibmodule.c to python/_cracklib.c to support Python 3.3 (Jan Dittberner) + patch from Ivosh (iraisr) for uninitialized buffer issue with small dictionaries. v2.8.19 drop autogenerated files from SVN (Mike Frysinger) add words from "The Top 500 Worst Passwords of All Time" <http://www.whatsmypass.com/the-top-500-worst-passwords-of-all-time> to dicts/cracklib-small (patch by Fabian Greffrath) include sys/stat.h in python/_cracklibmodule.c (Mike Frysinger) diff --git a/cracklib/lib/packer.h b/cracklib/lib/packer.h index e02dc24..3527f3d 100644 --- a/cracklib/lib/packer.h +++ b/cracklib/lib/packer.h @@ -67,7 +67,8 @@ typedef struct struct pi_header header; int count; - char data[NUMWORDS][MAXWORDLEN]; + char data_put[NUMWORDS][MAXWORDLEN]; + char data_get[NUMWORDS][MAXWORDLEN]; } PWDICT; #define PW_WORDS(x) ((x)->header.pih_numwords) diff --git a/cracklib/lib/packlib.c b/cracklib/lib/packlib.c index a8c20e7..8f32d14 100644 --- a/cracklib/lib/packlib.c +++ b/cracklib/lib/packlib.c @@ -41,7 +41,8 @@ typedef struct uint64_t hwms[256]; struct pi_header64 header; int count; - char data[NUMWORDS][MAXWORDLEN]; + char data_put[NUMWORDS][MAXWORDLEN]; + char data_get[NUMWORDS][MAXWORDLEN]; } PWDICT64; @@ -383,8 +384,8 @@ PutPW(pwp, string) if (string) { - strncpy(pwp->data[pwp->count], string, MAXWORDLEN); - pwp->data[pwp->count][MAXWORDLEN - 1] = '\0'; + strncpy(pwp->data_put[pwp->count], string, MAXWORDLEN); + pwp->data_put[pwp->count][MAXWORDLEN - 1] = '\0'; pwp->hwms[string[0] & 0xff]= pwp->header.pih_numwords; 
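Review bot: The two members added to `PWDICT` in the packer.h hunk have no comment saying which code path owns which buffer, and the same applies to the matching `PWDICT64` hunk in packlib.c. I would put `/* data_put: block being assembled by PutPW(); data_get: last block decoded by GetPW() */` above them in both structs, since the two definitions have to be kept in step by hand. The change also renames `data` and grows the struct by another NUMWORDS * MAXWORDLEN bytes, so if packer.h is installed for external callers (not visible here), anything that embeds a PWDICT or touches `->data` has to be rebuilt or updated. Both struct definitions start outside their hunks.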
@@ -406,16 +407,16 @@ PutPW(pwp, string) fwrite((char *) &datum, sizeof(datum), 1, pwp->ifp); - fputs(pwp->data[0], pwp->dfp); + fputs(pwp->data_put[0], pwp->dfp); putc(0, pwp->dfp); - ostr = pwp->data[0]; + ostr = pwp->data_put[0]; for (i = 1; i < NUMWORDS; i++) { register int j; register char *nstr; - nstr = pwp->data[i]; + nstr = pwp->data_put[i]; if (nstr[0]) { @@ -428,7 +429,7 @@ PutPW(pwp, string) ostr = nstr; } - memset(pwp->data, '\0', sizeof(pwp->data)); + memset(pwp->data_put, '\0', sizeof(pwp->data_put)); pwp->count = 0; } return (0); @@ -445,7 +446,6 @@ GetPW(pwp, number) register char *nstr; register char *bptr; char buffer[NUMWORDS * MAXWORDLEN]; - static char data[NUMWORDS][MAXWORDLEN]; static uint32_t prevblock = 0xffffffff; uint32_t thisblock; @@ -454,9 +454,9 @@ GetPW(pwp, number) if (prevblock == thisblock) { #if DEBUG - fprintf(stderr, "returning (%s)\n", data[number % NUMWORDS]); + fprintf(stderr, "returning (%s)\n", pwp->data_get[number % NUMWORDS]); #endif - return (data[number % NUMWORDS]); + return (pwp->data_get[number % NUMWORDS]); } if (_PWIsBroken64(pwp->ifp)) @@ -507,7 +507,8 @@ GetPW(pwp, number) return ((char *) 0); } r = 0; - + + memset(buffer, 0, sizeof(buffer)); #ifdef HAVE_ZLIB_H if (pwp->flags & PFOR_USEZLIB) { @@ -531,13 +532,13 @@ GetPW(pwp, number) bptr = buffer; - for (ostr = data[0]; (*(ostr++) = *(bptr++)); /* nothing */ ); + for (ostr = pwp->data_get[0]; (*(ostr++) = *(bptr++)); /* nothing */ ); - ostr = data[0]; + ostr = pwp->data_get[0]; for (i = 1; i < NUMWORDS; i++) { - nstr = data[i]; + nstr = pwp->data_get[i]; strcpy(nstr, ostr); ostr = nstr + *(bptr++); @@ -546,7 +547,7 @@ GetPW(pwp, number) ostr = nstr; } - return (data[number % NUMWORDS]); + return (pwp->data_get[number % NUMWORDS]); } unsigned int |
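Review bot: In the GetPW hunks at `@@ -445` and `@@ -454` the decoded block now lives in `pwp->data_get`, but the key that guards it, `static uint32_t prevblock`, is still one variable shared by every handle. With two dictionaries open, or a handle opened after another one last read the same block number, `prevblock == thisblock` is true and the function returns `pwp->data_get[number % NUMWORDS]` from a buffer this handle never filled, which is the same kind of stale or uninitialized read the commit sets out to fix. The key belongs beside the data: add `uint32_t prevblock;` to PWDICT and PWDICT64, set it to `0xffffffff` when the handle is opened, and test `pwp->prevblock == thisblock` here. The open path is outside this diff, so whether the struct is zeroed there still needs checking.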
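Review bot: The decode loop in the `@@ -531` hunk still trusts the block contents: the first-word copy `for (ostr = pwp->data_get[0]; (*(ostr++) = *(bptr++)); );` is bounded neither by MAXWORDLEN nor by the end of `buffer`, and `ostr = nstr + *(bptr++)` takes its offset from a dictionary byte whose signedness is implementation-defined. The `memset(buffer, 0, sizeof(buffer))` added in the `@@ -507` hunk gives a short block its terminators, but a block that fills the buffer, or a corrupt prefix byte, can still push writes outside `data_get[i]`. Before the offset is applied I would reject bad prefixes with `if ((unsigned char) *bptr >= MAXWORDLEN) return ((char *) 0);`, and bound each word copy by both `MAXWORDLEN - 1` and `buffer + sizeof(buffer)`. The rest of the loop body lies between the hunks and is not visible here, so the suffix copy needs the same check.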