patch from Ivosh(iraisr) for small dictionary uninitialized buffer issue

git-svn-id: file:///tmp/cracklib-svn/trunk@201 4175fe1e-86d5-4fdc-8e6a-506fab9d8533

3 files changed, 19 insertions, 16 deletions

diff --git a/cracklib/NEWS b/cracklib/NEWS
index c3facb8..78322e0 100644
--- a/cracklib/NEWS
+++ b/cracklib/NEWS
@@ -1,5 +1,6 @@
 v2.8.20 include python/test_cracklib.py in release tarball (Jan Dittberner)
         rename python/_cracklibmodule.c to python/_cracklib.c to support Python 3.3 (Jan Dittberner)
+		patch from Ivosh (iraisr) for uninitialized buffer issue with small dictionaries.
 v2.8.19 drop autogenerated files from SVN (Mike Frysinger)
         add words from "The Top 500 Worst Passwords of All Time" <http://www.whatsmypass.com/the-top-500-worst-passwords-of-all-time> to dicts/cracklib-small (patch by Fabian Greffrath)
         include sys/stat.h in python/_cracklibmodule.c (Mike Frysinger)
diff --git a/cracklib/lib/packer.h b/cracklib/lib/packer.h
index e02dc24..3527f3d 100644
--- a/cracklib/lib/packer.h
+++ b/cracklib/lib/packer.h
@@ -67,7 +67,8 @@ typedef struct
     struct pi_header header;
 
     int count;
-    char data[NUMWORDS][MAXWORDLEN];
+    char data_put[NUMWORDS][MAXWORDLEN];
+    char data_get[NUMWORDS][MAXWORDLEN];
 } PWDICT;
 
 #define PW_WORDS(x) ((x)->header.pih_numwords)
diff --git a/cracklib/lib/packlib.c b/cracklib/lib/packlib.c
index a8c20e7..8f32d14 100644
--- a/cracklib/lib/packlib.c
+++ b/cracklib/lib/packlib.c
@@ -41,7 +41,8 @@ typedef struct
     uint64_t hwms[256];
     struct pi_header64 header;
     int count;
-    char data[NUMWORDS][MAXWORDLEN];
+    char data_put[NUMWORDS][MAXWORDLEN];
+    char data_get[NUMWORDS][MAXWORDLEN];
 } PWDICT64;
 
 
@@ -383,8 +384,8 @@ PutPW(pwp, string)
 
     if (string)
     {
-	strncpy(pwp->data[pwp->count], string, MAXWORDLEN);
-	pwp->data[pwp->count][MAXWORDLEN - 1] = '\0';
+	strncpy(pwp->data_put[pwp->count], string, MAXWORDLEN);
+	pwp->data_put[pwp->count][MAXWORDLEN - 1] = '\0';
 
 	pwp->hwms[string[0] & 0xff]= pwp->header.pih_numwords;
 
@@ -406,16 +407,16 @@ PutPW(pwp, string)
 
 	fwrite((char *) &datum, sizeof(datum), 1, pwp->ifp);
 
-	fputs(pwp->data[0], pwp->dfp);
+	fputs(pwp->data_put[0], pwp->dfp);
 	putc(0, pwp->dfp);
 
-	ostr = pwp->data[0];
+	ostr = pwp->data_put[0];
 
 	for (i = 1; i < NUMWORDS; i++)
 	{
 	    register int j;
 	    register char *nstr;
-	    nstr = pwp->data[i];
+	    nstr = pwp->data_put[i];
 
 	    if (nstr[0])
 	    {
@@ -428,7 +429,7 @@ PutPW(pwp, string)
 	    ostr = nstr;
 	}
 
-	memset(pwp->data, '\0', sizeof(pwp->data));
+	memset(pwp->data_put, '\0', sizeof(pwp->data_put));
 	pwp->count = 0;
     }
     return (0);
@@ -445,7 +446,6 @@ GetPW(pwp, number)
     register char *nstr;
     register char *bptr;
     char buffer[NUMWORDS * MAXWORDLEN];
-    static char data[NUMWORDS][MAXWORDLEN];
     static uint32_t prevblock = 0xffffffff;
     uint32_t thisblock;
 
@@ -454,9 +454,9 @@ GetPW(pwp, number)
     if (prevblock == thisblock)
     {
 #if DEBUG
-	fprintf(stderr, "returning (%s)\n", data[number % NUMWORDS]);
+	fprintf(stderr, "returning (%s)\n", pwp->data_get[number % NUMWORDS]);
 #endif
-	return (data[number % NUMWORDS]);
+	return (pwp->data_get[number % NUMWORDS]);
     }
 
     if (_PWIsBroken64(pwp->ifp))
@@ -507,7 +507,8 @@ GetPW(pwp, number)
 	return ((char *) 0);
     }
 	r = 0;
-	
+
+        memset(buffer, 0, sizeof(buffer));
 #ifdef HAVE_ZLIB_H
 	if (pwp->flags & PFOR_USEZLIB)
 	{
@@ -531,13 +532,13 @@ GetPW(pwp, number)
 
     bptr = buffer;
 
-    for (ostr = data[0]; (*(ostr++) = *(bptr++)); /* nothing */ );
+    for (ostr = pwp->data_get[0]; (*(ostr++) = *(bptr++)); /* nothing */ );
 
-    ostr = data[0];
+    ostr = pwp->data_get[0];
 
     for (i = 1; i < NUMWORDS; i++)
     {
-	nstr = data[i];
+	nstr = pwp->data_get[i];
 	strcpy(nstr, ostr);
 
 	ostr = nstr + *(bptr++);
@@ -546,7 +547,7 @@ GetPW(pwp, number)
 	ostr = nstr;
     }
 
-    return (data[number % NUMWORDS]);
+    return (pwp->data_get[number % NUMWORDS]);
 }
 
 unsigned int