145 lines
3.9 KiB
Diff
145 lines
3.9 KiB
Diff
|
diff -up cracklib-2.9.6/lib/fascist.c.overflow cracklib-2.9.6/lib/fascist.c
|
||
|
--- cracklib-2.9.6/lib/fascist.c.overflow 2015-10-23 16:58:38.403319225 +0200
|
||
|
+++ cracklib-2.9.6/lib/fascist.c 2016-12-08 17:28:41.490101358 +0100
|
||
|
@@ -515,7 +515,7 @@ FascistGecosUser(char *password, const c
|
||
|
char gbuffer[STRINGSIZE];
|
||
|
char tbuffer[STRINGSIZE];
|
||
|
char *uwords[STRINGSIZE];
|
||
|
- char longbuffer[STRINGSIZE * 2];
|
||
|
+ char longbuffer[STRINGSIZE];
|
||
|
|
||
|
if (gecos == NULL)
|
||
|
gecos = "";
|
||
|
@@ -596,38 +596,47 @@ FascistGecosUser(char *password, const c
|
||
|
{
|
||
|
for (i = 0; i < j; i++)
|
||
|
{
|
||
|
- strcpy(longbuffer, uwords[i]);
|
||
|
- strcat(longbuffer, uwords[j]);
|
||
|
-
|
||
|
- if (GTry(longbuffer, password))
|
||
|
+ if (strlen(uwords[i]) + strlen(uwords[j]) < STRINGSIZE)
|
||
|
{
|
||
|
- return _("it is derived from your password entry");
|
||
|
- }
|
||
|
-
|
||
|
- strcpy(longbuffer, uwords[j]);
|
||
|
- strcat(longbuffer, uwords[i]);
|
||
|
+ strcpy(longbuffer, uwords[i]);
|
||
|
+ strcat(longbuffer, uwords[j]);
|
||
|
|
||
|
- if (GTry(longbuffer, password))
|
||
|
- {
|
||
|
- return _("it's derived from your password entry");
|
||
|
+ if (GTry(longbuffer, password))
|
||
|
+ {
|
||
|
+ return _("it is derived from your password entry");
|
||
|
+ }
|
||
|
+
|
||
|
+ strcpy(longbuffer, uwords[j]);
|
||
|
+ strcat(longbuffer, uwords[i]);
|
||
|
+
|
||
|
+ if (GTry(longbuffer, password))
|
||
|
+ {
|
||
|
+ return _("it's derived from your password entry");
|
||
|
+ }
|
||
|
}
|
||
|
|
||
|
- longbuffer[0] = uwords[i][0];
|
||
|
- longbuffer[1] = '\0';
|
||
|
- strcat(longbuffer, uwords[j]);
|
||
|
-
|
||
|
- if (GTry(longbuffer, password))
|
||
|
+ if (strlen(uwords[j]) < STRINGSIZE - 1)
|
||
|
{
|
||
|
- return _("it is derivable from your password entry");
|
||
|
+ longbuffer[0] = uwords[i][0];
|
||
|
+ longbuffer[1] = '\0';
|
||
|
+ strcat(longbuffer, uwords[j]);
|
||
|
+
|
||
|
+ if (GTry(longbuffer, password))
|
||
|
+ {
|
||
|
+ return _("it is derivable from your password entry");
|
||
|
+ }
|
||
|
}
|
||
|
|
||
|
- longbuffer[0] = uwords[j][0];
|
||
|
- longbuffer[1] = '\0';
|
||
|
- strcat(longbuffer, uwords[i]);
|
||
|
-
|
||
|
- if (GTry(longbuffer, password))
|
||
|
+ if (strlen(uwords[i]) < STRINGSIZE - 1)
|
||
|
{
|
||
|
- return _("it's derivable from your password entry");
|
||
|
+ longbuffer[0] = uwords[j][0];
|
||
|
+ longbuffer[1] = '\0';
|
||
|
+ strcat(longbuffer, uwords[i]);
|
||
|
+
|
||
|
+ if (GTry(longbuffer, password))
|
||
|
+ {
|
||
|
+ return _("it's derivable from your password entry");
|
||
|
+ }
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
diff -up cracklib-2.9.6/lib/rules.c.overflow cracklib-2.9.6/lib/rules.c
|
||
|
--- cracklib-2.9.6/lib/rules.c.overflow 2015-10-23 16:58:38.000000000 +0200
|
||
|
+++ cracklib-2.9.6/lib/rules.c 2016-12-08 18:03:27.041941297 +0100
|
||
|
@@ -158,6 +158,8 @@ Pluralise(string, area) /* returns a po
|
||
|
register int length;
|
||
|
length = strlen(string);
|
||
|
strcpy(area, string);
|
||
|
+ if (length > STRINGSIZE - 3) /* we add 2 characters at worst */
|
||
|
+ return (area);
|
||
|
|
||
|
if (!Suffix(string, "ch") ||
|
||
|
!Suffix(string, "ex") ||
|
||
|
@@ -462,11 +464,11 @@ Mangle(input, control, area) /* returns
|
||
|
Pluralise(area2, area);
|
||
|
break;
|
||
|
case RULE_REFLECT:
|
||
|
- strcat(area, Reverse(area, area2));
|
||
|
+ strncat(area, Reverse(area, area2), STRINGSIZE - strlen(area) - 1);
|
||
|
break;
|
||
|
case RULE_DUPLICATE:
|
||
|
strcpy(area2, area);
|
||
|
- strcat(area, area2);
|
||
|
+ strncat(area, area2, STRINGSIZE - strlen(area) - 1);
|
||
|
break;
|
||
|
case RULE_GT:
|
||
|
if (!ptr[1])
|
||
|
@@ -514,7 +516,8 @@ Mangle(input, control, area) /* returns
|
||
|
} else
|
||
|
{
|
||
|
area2[0] = *(++ptr);
|
||
|
- strcpy(area2 + 1, area);
|
||
|
+ strncpy(area2 + 1, area, STRINGSIZE - 2);
|
||
|
+ area2[STRINGSIZE - 1] = '\0';
|
||
|
strcpy(area, area2);
|
||
|
}
|
||
|
break;
|
||
|
@@ -528,8 +531,10 @@ Mangle(input, control, area) /* returns
|
||
|
register char *string;
|
||
|
string = area;
|
||
|
while (*(string++));
|
||
|
- string[-1] = *(++ptr);
|
||
|
- *string = '\0';
|
||
|
+ if (string < area + STRINGSIZE) {
|
||
|
+ string[-1] = *(++ptr);
|
||
|
+ *string = '\0';
|
||
|
+ }
|
||
|
}
|
||
|
break;
|
||
|
case RULE_EXTRACT:
|
||
|
@@ -600,6 +605,10 @@ Mangle(input, control, area) /* returns
|
||
|
}
|
||
|
p1 = area;
|
||
|
p2 = area2;
|
||
|
+ if (strlen(p1) > STRINGSIZE - 2) {
|
||
|
+ /* truncate */
|
||
|
+ p1[STRINGSIZE - 2] = '\0';
|
||
|
+ }
|
||
|
while (i && *p1)
|
||
|
{
|
||
|
i--;
|