rpms/libxcrypt
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Backport upstream commit to use a safer strcpy for the NT method

Browse Source
This commit is contained in:
Björn Esser 2018-11-26 11:26:50 +01:00
parent d5493fd42e
commit b98b97d979
No known key found for this signature in database
GPG Key ID: F52E98007594C21D
2 changed files with 40 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
libxcrypt-4.4.0-use_XCRYPT_STRCPY_OR_ABORT_in_crypt_nt_rn.patch Normal file
View File

@ -0,0 +1,35 @@
From 664bfda5a51dbaa75904b29a7cd3c51888db6bd9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
Date: Wed, 21 Nov 2018 18:27:51 +0100
Subject: [PATCH] Use XCRYPT_STRCPY_OR_ABORT in crypt_nt_rn.
---
crypt-nthash.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/crypt-nthash.c b/crypt-nthash.c
index bb7c1ff..83c45ea 100644
--- a/crypt-nthash.c
+++ b/crypt-nthash.c
@@ -49,9 +49,9 @@
void
crypt_nt_rn (const char *phrase, size_t ARG_UNUSED (phr_size),
- const char *setting, size_t ARG_UNUSED (set_size),
- uint8_t *output, size_t out_size,
- void *scratch, size_t scr_size)
+ const char *setting, size_t ARG_UNUSED (set_size),
+ uint8_t *output, size_t out_size,
+ void *scratch, size_t scr_size)
{
size_t unipwLen;
int i;
@@ -86,7 +86,7 @@ crypt_nt_rn (const char *phrase, size_t ARG_UNUSED (phr_size),
MD4_Update (ctx, unipw, unipwLen*sizeof(uint16_t));
MD4_Final (hash, ctx);
- output = (uint8_t *)stpcpy ((char *)output, magic);
+ output += XCRYPT_STRCPY_OR_ABORT (output, out_size, magic);
*output++ = '$';
for (i = 0; i < 16; i++)
{

6
libxcrypt.spec
View File

@ -89,7 +89,7 @@ fi \
Name: libxcrypt Name: libxcrypt
Version: 4.4.0 Version: 4.4.0
Release: 1%{?dist} Release: 2%{?dist}
Summary: Extended crypt library for DES, MD5, Blowfish and others Summary: Extended crypt library for DES, MD5, Blowfish and others
# For explicit license breakdown, see the # For explicit license breakdown, see the
@ -100,6 +100,7 @@ Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
# Patch 0000 - 2999: Backported patches from upstream. # Patch 0000 - 2999: Backported patches from upstream.
Patch0: %{url}/commit/a60130b2211c6666bee69051b2b76413af2d679f.patch#/%{name}-4.4.0-fix_manual-page-warning_list-type-stack0.patch Patch0: %{url}/commit/a60130b2211c6666bee69051b2b76413af2d679f.patch#/%{name}-4.4.0-fix_manual-page-warning_list-type-stack0.patch
Patch1: %{url}/commit/664bfda5a51dbaa75904b29a7cd3c51888db6bd9.patch#/%{name}-4.4.0-use_XCRYPT_STRCPY_OR_ABORT_in_crypt_nt_rn.patch
# Patch 3000 - 5999: Backported patches from pull requests. # Patch 3000 - 5999: Backported patches from pull requests.
@ -327,6 +328,9 @@ done
%changelog %changelog
* Mon Nov 26 2018 Björn Esser <besser82@fedoraproject.org> - 4.4.0-2
- Backport upstream commit to use a safer strcpy for the NT method
* Tue Nov 20 2018 Björn Esser <besser82@fedoraproject.org> - 4.4.0-1 * Tue Nov 20 2018 Björn Esser <besser82@fedoraproject.org> - 4.4.0-1
- New upstream release - New upstream release