From 3124a9ecee24769f395d3dc4179a5f0e9268b5c0 Mon Sep 17 00:00:00 2001 From: Eric Andersen Date: Wed, 30 Jul 2003 07:57:06 +0000 Subject: Vladimir N. Oleynik writes: This moment have algoritmicaly problem, not overflow: strcat(wrapped, wrapped) - may be looped. Hand patch: - else if (strstr(strcat(wrapped, wrapped), newmono)) + else { + safe_strncpy(wrapped + lenwrap, wrapped, lenwrap + 1); + if (strstr(wrapped, newmono)) +} --w vodz --- libbb/obscure.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'libbb') diff --git a/libbb/obscure.c b/libbb/obscure.c index 1a99b7cf9..537d4484f 100644 --- a/libbb/obscure.c +++ b/libbb/obscure.c @@ -157,8 +157,11 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp) else if (similiar(wrapped, newmono)) msg = "too similiar"; - else if (strstr(strcat(wrapped, wrapped), newmono)) - msg = "rotated"; + else { + safe_strncpy(wrapped + lenwrap, wrapped, lenwrap + 1); + if (strstr(wrapped, newmono)) + msg = "rotated"; + } bzero(newmono, strlen(newmono)); bzero(wrapped, lenwrap); -- cgit v1.2.3