diff options
| author |   Thomas Deutschmann <whissi@gentoo.org> | 2016-09-14 22:55:05 +0200 |
|---|---|---|
| committer | Thomas Deutschmann <whissi@gentoo.org> | 2016-09-14 22:57:44 +0200 |
| commit | aac5b4f4a65ce70854e77014fa096b7bd2d34e43 (patch) | |
| tree | 23bd92f6ccbef14b54fab35d2049275fd41818b9 /sys-libs/cracklib/files/cracklib-2.9.6-fix-long-word-bufferoverflow.patch | |
| parent | sci-visualization/kst: add patch to fix build failure with USE="qt5" (diff) | |
| download | gentoo-aac5b4f4a65ce70854e77014fa096b7bd2d34e43.tar.gz gentoo-aac5b4f4a65ce70854e77014fa096b7bd2d34e43.tar.bz2 gentoo-aac5b4f4a65ce70854e77014fa096b7bd2d34e43.zip | |
sys-libs/cracklib: Revision bump to address CVE-2016-6318 and another buffer overflow
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Gentoo-Bug: https://bugs.gentoo.org/591456
Package-Manager: portage-2.3.0
Diffstat (limited to 'sys-libs/cracklib/files/cracklib-2.9.6-fix-long-word-bufferoverflow.patch')
| -rw-r--r-- | sys-libs/cracklib/files/cracklib-2.9.6-fix-long-word-bufferoverflow.patch | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/sys-libs/cracklib/files/cracklib-2.9.6-fix-long-word-bufferoverflow.patch b/sys-libs/cracklib/files/cracklib-2.9.6-fix-long-word-bufferoverflow.patch new file mode 100644 index 000000000000..59dc9e539eb3 --- /dev/null +++ b/sys-libs/cracklib/files/cracklib-2.9.6-fix-long-word-bufferoverflow.patch @@ -0,0 +1,43 @@ +From 33d7fa4585247cd2247a1ffa032ad245836c6edb Mon Sep 17 00:00:00 2001 +From: Jan Dittberner <jan@dittberner.info> +Date: Thu, 25 Aug 2016 17:17:53 +0200 +Subject: [PATCH] Fix a buffer overflow processing long words + +A buffer overflow processing long words has been discovered. This commit +applies the patch from +https://build.opensuse.org/package/view_file/Base:System/cracklib/0004-overflow-processing-long-words.patch +by Howard Guo. + +See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835386 and +http://www.openwall.com/lists/oss-security/2016/08/23/8 +--- + src/NEWS | 1 + + src/lib/rules.c | 5 ++--- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/NEWS b/src/NEWS +index 361a207..f1df3b0 100644 +--- a/src/NEWS ++++ b/src/NEWS +@@ -1,4 +1,5 @@ + v2.9.x apply patch to fix CVE-2016-6318 Stack-based buffer overflow when parsing large GECOS field ++ fix a buffer overflow processing long words + v2.9.6 updates to cracklib-words to add a bunch of other dictionary lists + migration to github + patch to add some particularly bad cases to the cracklib small dictionary (Matthew Miller) +diff --git a/src/lib/rules.c b/src/lib/rules.c +index d193cc0..3a2aa46 100644 +--- a/src/lib/rules.c ++++ b/src/lib/rules.c +@@ -434,9 +434,8 @@ Mangle(input, control) /* returns a pointer to a controlled Mangle */ + { + int limit; + register char *ptr; +- static char area[STRINGSIZE]; +- char area2[STRINGSIZE]; +- area[0] = '\0'; ++ static char area[STRINGSIZE * 2] = {0}; ++ char area2[STRINGSIZE * 2] = {0}; + strcpy(area, input); + + for (ptr = control; *ptr; ptr++) |