[Pkg-cracklib-commits] [pkg-cracklib] 01/06: Fix "Buffer overflow processing long words" by applying patch from https://build.opensuse.org/package/view_file/Base:System/cracklib/ 0004-overflow-processing-long-words.patch (Closes: #835386)

Jan Dittberner jandd at moszumanska.debian.org
Thu Aug 25 15:46:45 UTC 2016


This is an automated email from the git hooks/post-receive script.

jandd pushed a commit to branch master
in repository pkg-cracklib.

commit 9a882cd117a27ab32f56bde86ee014af2a30c19f
Author: Jan Dittberner <jandd at debian.org>
Date:   Thu Aug 25 17:03:51 2016 +0200

    Fix "Buffer overflow processing long words" by applying patch from https://build.opensuse.org/package/view_file/Base:System/cracklib/ 0004-overflow-processing-long-words.patch (Closes: #835386)
---
 debian/changelog                                   |  8 ++++++++
 .../patches/overflow-processing-long-words.patch   | 22 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 3 files changed, 31 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index e43344d..e5db67a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+cracklib2 (2.9.2-3) UNRELEASED; urgency=medium
+
+  * Fix "Buffer overflow processing long words" by applying patch from
+    https://build.opensuse.org/package/view_file/Base:System/cracklib/
+    0004-overflow-processing-long-words.patch (Closes: #835386)
+
+ -- Jan Dittberner <jandd at debian.org>  Thu, 25 Aug 2016 17:03:01 +0200
+
 cracklib2 (2.9.2-2) unstable; urgency=medium
 
   * Fix "CVE-2016-6318: Stack-based buffer overflow when parsing large
diff --git a/debian/patches/overflow-processing-long-words.patch b/debian/patches/overflow-processing-long-words.patch
new file mode 100644
index 0000000..5d459d6
--- /dev/null
+++ b/debian/patches/overflow-processing-long-words.patch
@@ -0,0 +1,22 @@
+Description: The input word is guaranteed to be at most STRINGSIZE-1 in length.
+ One of the mangle operations involves duplicating the input word, resulting in
+ a string twice the length to be accommodated by both area variables.
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835386
+Author: Howard Guo <hguo at suse.com>
+Last-Update: 2016-08-17
+
+diff -rupN 3/lib/rules.c 3-patched/lib/rules.c
+--- 3/lib/rules.c	2016-08-16 14:16:24.033261876 +0200
++++ 3-patched/lib/rules.c	2016-08-17 13:57:14.485782894 +0200
+@@ -434,9 +434,8 @@ Mangle(input, control)		/* returns a poi
+ {
+     int limit;
+     register char *ptr;
+-    static char area[STRINGSIZE];
+-    char area2[STRINGSIZE];
+-    area[0] = '\0';
++    static char area[STRINGSIZE * 2] = {0};
++    char area2[STRINGSIZE * 2] = {0};
+     strcpy(area, input);
+ 
+     for (ptr = control; *ptr; ptr++)
diff --git a/debian/patches/series b/debian/patches/series
index fcd2207..5f148ae 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@ install-debian-python-modules.patch
 libcrack2-error-safer-check-variant.patch
 improve_test_737040.patch
 CVE-2016-6318.patch
+overflow-processing-long-words.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-cracklib/pkg-cracklib.git



More information about the Pkg-cracklib-commits mailing list