summaryrefslogtreecommitdiffstats
path: root/meta/recipes-core
diff options
context:
space:
mode:
authorDongxiao Xu <dongxiao.xu@intel.com>2011-03-10 12:33:26 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2011-03-10 18:14:25 -0800
commit10ce85af3309c9412993dd80c2ef8dedebce11d3 (patch)
tree03cd7618cbd4971669cfbbc67f506b238eada269 /meta/recipes-core
parent2c52b652bf00c440d04ff9d3e6423934143e49d6 (diff)
downloadpoky-10ce85af3309c9412993dd80c2ef8dedebce11d3.tar.gz
tinylogin: Fix rotate passwd check logic
Fix rotate passwd check logic which will write data into un-allocated memory. This fixes [YOCTO #735] (From OE-Core rev: 4499beb9ef70d207e0d1f60eae77634a77fc44c3) Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core')
-rw-r--r--meta/recipes-core/tinylogin/tinylogin-1.4/passwd_rotate_check.patch39
-rw-r--r--meta/recipes-core/tinylogin/tinylogin_1.4.bb5
2 files changed, 42 insertions, 2 deletions
diff --git a/meta/recipes-core/tinylogin/tinylogin-1.4/passwd_rotate_check.patch b/meta/recipes-core/tinylogin/tinylogin-1.4/passwd_rotate_check.patch
new file mode 100644
index 0000000000..c602493afc
--- /dev/null
+++ b/meta/recipes-core/tinylogin/tinylogin-1.4/passwd_rotate_check.patch
@@ -0,0 +1,39 @@
1Fix rotate check logic
2
3Rotate passwd checking code has logic error, which writes data into
4un-allocated memory. This patch fixes the issue.
5
6Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com>
7
8diff --git a/libbb/obscure.c b/libbb/obscure.c
9index 750b611..4a07b5f 100644
10--- a/libbb/obscure.c
11+++ b/libbb/obscure.c
12@@ -135,7 +135,7 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp)
13 {
14 const char *msg;
15 char *newmono, *wrapped;
16- int lenwrap;
17+ int lenold, lenwrap;
18
19 if (strcmp(newval, old) == 0)
20 return "no change";
21@@ -144,7 +144,8 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp)
22
23 msg = NULL;
24 newmono = str_lower(xstrdup(newval));
25- lenwrap = strlen(old) * 2 + 1;
26+ lenold = strlen(old);
27+ lenwrap = lenold * 2 + 1;
28 wrapped = (char *) xmalloc(lenwrap);
29 str_lower(strcpy(wrapped, old));
30
31@@ -158,7 +159,7 @@ password_check(const char *old, const char *newval, const struct passwd *pwdp)
32 msg = "too similiar";
33
34 else {
35- safe_strncpy(wrapped + lenwrap, wrapped, lenwrap + 1);
36+ safe_strncpy(wrapped + lenold, wrapped, lenold + 1);
37 if (strstr(wrapped, newmono))
38 msg = "rotated";
39 }
diff --git a/meta/recipes-core/tinylogin/tinylogin_1.4.bb b/meta/recipes-core/tinylogin/tinylogin_1.4.bb
index df626cf72b..0b51b25853 100644
--- a/meta/recipes-core/tinylogin/tinylogin_1.4.bb
+++ b/meta/recipes-core/tinylogin/tinylogin_1.4.bb
@@ -7,14 +7,15 @@ and groups on an embedded system."
7HOMEPAGE = "http://tinylogin.busybox.net/" 7HOMEPAGE = "http://tinylogin.busybox.net/"
8LICENSE = "GPLv2" 8LICENSE = "GPLv2"
9LIC_FILES_CHKSUM="file://LICENSE;md5=f1060fa3a366f098b5b1d8c2077ba269" 9LIC_FILES_CHKSUM="file://LICENSE;md5=f1060fa3a366f098b5b1d8c2077ba269"
10PR = "r5" 10PR = "r6"
11 11
12SRC_URI = "http://tinylogin.busybox.net/downloads/tinylogin-${PV}.tar.bz2 \ 12SRC_URI = "http://tinylogin.busybox.net/downloads/tinylogin-${PV}.tar.bz2 \
13 file://cvs-20040608.patch;patch=1;pnum=1 \ 13 file://cvs-20040608.patch;patch=1;pnum=1 \
14 file://add-system.patch;patch=1;pnum=1 \ 14 file://add-system.patch;patch=1;pnum=1 \
15 file://adduser-empty_pwd.patch;patch=1 \ 15 file://adduser-empty_pwd.patch;patch=1 \
16 file://remove-index.patch;patch=1 \ 16 file://remove-index.patch;patch=1 \
17 file://use_O2_option.patch" 17 file://use_O2_option.patch \
18 file://passwd_rotate_check.patch"
18 19
19SRC_URI[md5sum] = "44da0ff2b727455669890b24305e351d" 20SRC_URI[md5sum] = "44da0ff2b727455669890b24305e351d"
20SRC_URI[sha256sum] = "5e542e4b7825305a3678bf73136c392feb0d44b8bbf926e8eda5453eea7ddd6b" 21SRC_URI[sha256sum] = "5e542e4b7825305a3678bf73136c392feb0d44b8bbf926e8eda5453eea7ddd6b"