Vladimir N. Oleynik writes:

This moment have algoritmicaly problem, not overflow:
    strcat(wrapped, wrapped) - may be looped.

    Hand patch:

    - else if (strstr(strcat(wrapped, wrapped), newmono))
    + else {
    +    safe_strncpy(wrapped + lenwrap, wrapped, lenwrap + 1);
    +    if (strstr(wrapped, newmono))
    +}

    --w
    vodz
This commit is contained in:
Eric Andersen 2003-07-30 07:57:06 +00:00
parent b99aec0ba5
commit 3124a9ecee

View File

@ -157,8 +157,11 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp)
else if (similiar(wrapped, newmono)) else if (similiar(wrapped, newmono))
msg = "too similiar"; msg = "too similiar";
else if (strstr(strcat(wrapped, wrapped), newmono)) else {
safe_strncpy(wrapped + lenwrap, wrapped, lenwrap + 1);
if (strstr(wrapped, newmono))
msg = "rotated"; msg = "rotated";
}
bzero(newmono, strlen(newmono)); bzero(newmono, strlen(newmono));
bzero(wrapped, lenwrap); bzero(wrapped, lenwrap);