diff options
| author | Dongxiao Xu <dongxiao.xu@intel.com> | 2011-03-10 12:33:26 +0800 |
|---|---|---|
| committer | Saul Wold <sgw@linux.intel.com> | 2011-03-10 17:10:50 -0800 |
| commit | 4499beb9ef70d207e0d1f60eae77634a77fc44c3 (patch) | |
| tree | 2c13d25cdee9a64a076a8982918739e837b2d18f /meta/recipes-core | |
| parent | 724137e50762f190438e8e87d3f0f9edd99ea11d (diff) | |
| download | openembedded-core-4499beb9ef70d207e0d1f60eae77634a77fc44c3.tar.gz openembedded-core-4499beb9ef70d207e0d1f60eae77634a77fc44c3.tar.bz2 openembedded-core-4499beb9ef70d207e0d1f60eae77634a77fc44c3.zip | |
tinylogin: Fix rotate passwd check logic
Fix rotate passwd check logic which will write data into un-allocated
memory.
This fixes [YOCTO #735]
Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com>
Diffstat (limited to 'meta/recipes-core')
| -rw-r--r-- | meta/recipes-core/tinylogin/tinylogin-1.4/passwd_rotate_check.patch | 39 | ||||
| -rw-r--r-- | meta/recipes-core/tinylogin/tinylogin_1.4.bb | 5 |
2 files changed, 42 insertions, 2 deletions
diff --git a/meta/recipes-core/tinylogin/tinylogin-1.4/passwd_rotate_check.patch b/meta/recipes-core/tinylogin/tinylogin-1.4/passwd_rotate_check.patch new file mode 100644 index 0000000000..c602493afc --- /dev/null +++ b/meta/recipes-core/tinylogin/tinylogin-1.4/passwd_rotate_check.patch @@ -0,0 +1,39 @@ +Fix rotate check logic + +Rotate passwd checking code has logic error, which writes data into +un-allocated memory. This patch fixes the issue. + +Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com> + +diff --git a/libbb/obscure.c b/libbb/obscure.c +index 750b611..4a07b5f 100644 +--- a/libbb/obscure.c ++++ b/libbb/obscure.c +@@ -135,7 +135,7 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp) + { + const char *msg; + char *newmono, *wrapped; +- int lenwrap; ++ int lenold, lenwrap; + + if (strcmp(newval, old) == 0) + return "no change"; +@@ -144,7 +144,8 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp) + + msg = NULL; + newmono = str_lower(xstrdup(newval)); +- lenwrap = strlen(old) * 2 + 1; ++ lenold = strlen(old); ++ lenwrap = lenold * 2 + 1; + wrapped = (char *) xmalloc(lenwrap); + str_lower(strcpy(wrapped, old)); + +@@ -158,7 +159,7 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp) + msg = "too similiar"; + + else { +- safe_strncpy(wrapped + lenwrap, wrapped, lenwrap + 1); ++ safe_strncpy(wrapped + lenold, wrapped, lenold + 1); + if (strstr(wrapped, newmono)) + msg = "rotated"; + } diff --git a/meta/recipes-core/tinylogin/tinylogin_1.4.bb b/meta/recipes-core/tinylogin/tinylogin_1.4.bb index df626cf72b..0b51b25853 100644 --- a/meta/recipes-core/tinylogin/tinylogin_1.4.bb +++ b/meta/recipes-core/tinylogin/tinylogin_1.4.bb @@ -7,14 +7,15 @@ and groups on an embedded system." HOMEPAGE = "http://tinylogin.busybox.net/" LICENSE = "GPLv2" LIC_FILES_CHKSUM="file://LICENSE;md5=f1060fa3a366f098b5b1d8c2077ba269" -PR = "r5" +PR = "r6" SRC_URI = "http://tinylogin.busybox.net/downloads/tinylogin-${PV}.tar.bz2 \ file://cvs-20040608.patch;patch=1;pnum=1 \ file://add-system.patch;patch=1;pnum=1 \ file://adduser-empty_pwd.patch;patch=1 \ file://remove-index.patch;patch=1 \ - file://use_O2_option.patch" + file://use_O2_option.patch \ + file://passwd_rotate_check.patch" SRC_URI[md5sum] = "44da0ff2b727455669890b24305e351d" SRC_URI[sha256sum] = "5e542e4b7825305a3678bf73136c392feb0d44b8bbf926e8eda5453eea7ddd6b" |