[Pkg-cracklib-commits] [pkg-cracklib] 02/02: Fix "python-cracklib accepts anything" by modifying debian/patches/libcrack2-error-safer-check-varian.patch to perform proper error message copying (Closes: #737040)

Jan Dittberner jandd at moszumanska.debian.org
Sat Feb 1 20:11:14 UTC 2014


This is an automated email from the git hooks/post-receive script.

jandd pushed a commit to branch master
in repository pkg-cracklib.

commit 4ed7df3abc9a462f4bb5e95135099a849d151556
Author: Jan Dittberner <jandd at debian.org>
Date:   Sat Feb 1 21:07:07 2014 +0100

    Fix "python-cracklib accepts anything" by modifying debian/patches/libcrack2-error-safer-check-varian.patch to perform proper error message copying (Closes: #737040)
---
 debian/changelog                                   |  3 ++
 .../libcrack2-error-safer-check-variant.patch      | 32 ++++++++++++++++------
 2 files changed, 26 insertions(+), 9 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 2a7ff9f..bae397f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,6 +7,9 @@ cracklib2 (2.9.1-1) UNRELEASED; urgency=medium
     - run wrap-and-sort
   * add debian/patches/improve_test_737040.patch to check for proper behavior
     of Python low level code
+  * Fix "python-cracklib accepts anything" by modifying
+    debian/patches/libcrack2-error-safer-check-varian.patch to perform proper
+    error message copying (Closes: #737040)
 
  -- Jan Dittberner <jandd at debian.org>  Sat, 01 Feb 2014 15:58:15 +0100
 
diff --git a/debian/patches/libcrack2-error-safer-check-variant.patch b/debian/patches/libcrack2-error-safer-check-variant.patch
index 683aa4f..ce7cf4c 100644
--- a/debian/patches/libcrack2-error-safer-check-variant.patch
+++ b/debian/patches/libcrack2-error-safer-check-variant.patch
@@ -1,22 +1,25 @@
 Subject: add a safer check variant
 Author: Markus Wanner <markus at bluegap.ch>
 Bug-Debian: http://bugs.debian.org/682735
+Bug-Debian: http://bugs.debian.org/737040
 --- a/lib/fascist.c
 +++ b/lib/fascist.c
-@@ -882,6 +882,48 @@
+@@ -882,6 +882,60 @@
      return FascistCheckUser(password, path, NULL, NULL);
  }
  
 +/* This Debian specific method is a work-around for Debian #682735. Please
 +   do not rely on it being available in future verisons of cracklib2. */
 +int
-+__DEBIAN_SPECIFIC__SafeFascistCheck(password, path, errstr)
++__DEBIAN_SPECIFIC__SafeFascistCheck(password, path, errstr, errstr_len)
 +    const char *password;
 +    const char *path;
 +    char *errstr;
++    size_t errstr_len;
 +{
 +    PWDICT *pwp;
 +    char pwtrunced[STRINGSIZE];
++    char *error;
 +
 +    /* If passed null for the path, use a compiled-in default */
 +    if ( ! path )
@@ -40,9 +43,19 @@ Bug-Debian: http://bugs.debian.org/682735
 +	return 0;
 +    }
 +
-+    /* sure seems like we should close the database, since we're only likely to check one password */
-+    errstr = FascistLook(pwp, pwtrunced);
 +
++    error = FascistLook(pwp, pwtrunced);
++    if (error != NULL)
++    {
++        strncpy(errstr, error, errstr_len);
++        errstr[errstr_len - 1] = '\0';
++    }
++    else
++    {
++        errstr[0] = '\0';
++    }
++
++    /* sure seems like we should close the database, since we're only likely to check one password */
 +    PWClose(pwp);
 +    pwp = (PWDICT *)0;
 +
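Review bot: `errstr[errstr_len - 1] = '\0';` indexes with a wrapped `size_t` when a caller passes `errstr_len == 0`, so the terminator lands far outside the buffer, and neither branch checks `errstr` for NULL before writing through it. Guarding the copy with `if (errstr != NULL && errstr_len > 0)` closes both cases. The context line `return 0;` at the top of this hunk also appears to leave `errstr` untouched on that earlier exit (the code before it is outside the hunk), so setting `errstr[0] = '\0'` before any return would give callers a defined buffer on every path. A message longer than the buffer is silently truncated, which is worth stating in the function's comment; the function body starts and ends outside this hunk.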
@@ -54,7 +67,7 @@ Bug-Debian: http://bugs.debian.org/682735
  {
 --- a/lib/crack.h
 +++ b/lib/crack.h
-@@ -22,6 +22,14 @@
+@@ -22,6 +22,15 @@
  extern const char *FascistCheckUser(const char *pw, const char *dictpath,
  				    const char *user, const char *gecos);
  
@@ -64,7 +77,8 @@ Bug-Debian: http://bugs.debian.org/682735
 +   opening or reading the dictionary. In the later case, please check
 +   errno. */
 +extern int __DEBIAN_SPECIFIC__SafeFascistCheck(const char *pw,
-+					const char *dictpath, char *errmsg);
++					const char *dictpath, char *errmsg,
++                                        size_t errmsg_len);
 +
  /* This function returns the compiled in value for DEFAULT_CRACKLIB_DICT.
   */
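Review bot: The exported prototype gains a fourth parameter while keeping the same symbol name, so any object built against the three-argument declaration would call it without a length and the callee would read an indeterminate `errmsg_len`. The comment on the definition in lib/fascist.c warns against relying on the function, but if anything besides the Python binding links to it, a new symbol name or a coordinated rebuild of dependents would be safer. The comment above this declaration (it begins outside the hunk) should also state the new contract, for example `errmsg must point to errmsg_len writable bytes (errmsg_len >= 1); the message is truncated to fit and is empty when FascistLook reports no problem`.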
@@ -143,7 +157,7 @@ Bug-Debian: http://bugs.debian.org/682735
      char *defaultdict = NULL;
 -    const char *result;
 +    int result;
-+    char *errmsg;
++    char errmsg[255];
      struct stat st;
      char *keywords[] = {"pw", "dictpath", NULL};
      char *dictfile;
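Review bot: `char errmsg[255];` is declared without an initializer, and the later `strlen(errmsg)` test reads it. If the check returns before writing the buffer (the early `return 0;` visible in the lib/fascist.c part of this patch suggests it can), that read covers indeterminate stack bytes with no guaranteed terminator. Declaring it as `char errmsg[255] = "";` makes the empty-message case well defined regardless of what the callee does. The 255 is a bare constant, and a named size would be easier to audit against the `sizeof(errmsg)` call site. The enclosing function starts and ends outside this hunk.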
@@ -153,7 +167,7 @@ Bug-Debian: http://bugs.debian.org/682735
      LOCK();
 -    result = FascistCheck(candidate, dict ? dict : defaultdict);
 +    result = __DEBIAN_SPECIFIC__SafeFascistCheck(candidate,
-+            dict ? dict : defaultdict, errmsg);
++            dict ? dict : defaultdict, errmsg, sizeof(errmsg));
      UNLOCK();
  
      if (defaultdict != NULL)
@@ -166,7 +180,7 @@ Bug-Debian: http://bugs.debian.org/682735
      {
 -    	PyErr_SetString(PyExc_ValueError, result);
 -        return NULL;
-+        if (errmsg != NULL)
++        if ((errmsg != NULL) && (strlen(errmsg) > 0))
 +        {
 +            PyErr_SetString(PyExc_ValueError, errmsg);
 +            return NULL;
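Review bot: `errmsg != NULL` can no longer be false because `errmsg` is now an array, so the first half of the condition is dead code and a compiler may warn about comparing an array address with NULL. `if (errmsg[0] != '\0')` expresses the same test without the redundant comparison or the `strlen` call. The enclosing `if` and the `else` branch are outside this hunk.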

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-cracklib/pkg-cracklib.git


