mirror of
https://github.com/sheumann/hush.git
synced 2024-12-26 10:32:02 +00:00
Vladimir N. Oleynik writes:
This moment have algoritmicaly problem, not overflow: strcat(wrapped, wrapped) - may be looped. Hand patch: - else if (strstr(strcat(wrapped, wrapped), newmono)) + else { + safe_strncpy(wrapped + lenwrap, wrapped, lenwrap + 1); + if (strstr(wrapped, newmono)) +} --w vodz
This commit is contained in:
parent
b99aec0ba5
commit
3124a9ecee
@ -157,8 +157,11 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp)
|
|||||||
else if (similiar(wrapped, newmono))
|
else if (similiar(wrapped, newmono))
|
||||||
msg = "too similiar";
|
msg = "too similiar";
|
||||||
|
|
||||||
else if (strstr(strcat(wrapped, wrapped), newmono))
|
else {
|
||||||
msg = "rotated";
|
safe_strncpy(wrapped + lenwrap, wrapped, lenwrap + 1);
|
||||||
|
if (strstr(wrapped, newmono))
|
||||||
|
msg = "rotated";
|
||||||
|
}
|
||||||
|
|
||||||
bzero(newmono, strlen(newmono));
|
bzero(newmono, strlen(newmono));
|
||||||
bzero(wrapped, lenwrap);
|
bzero(wrapped, lenwrap);
|
||||||
|
Loading…
Reference in New Issue
Block a user