1 files changed, 105 insertions, 0 deletions
diff --git a/meta/recipes-extended/cracklib/cracklib/0001-Apply-patch-to-fix-CVE-2016-6318.patch b/meta/recipes-extended/cracklib/cracklib/0001-Apply-patch-to-fix-CVE-2016-6318.patch
new file mode 100644
index 0000000000..b251ac9056
--- /dev/null
+++ b/meta/recipes-extended/cracklib/cracklib/0001-Apply-patch-to-fix-CVE-2016-6318.patch
@@ -0,0 +1,105 @@
+From 47e5dec521ab6243c9b249dd65b93d232d90d6b1 Mon Sep 17 00:00:00 2001
+From: Jan Dittberner <jan@dittberner.info>
+Date: Thu, 25 Aug 2016 17:13:49 +0200
+Subject: [PATCH] Apply patch to fix CVE-2016-6318
+This patch fixes an issue with a stack-based buffer overflow when
+parsing large GECOS field. See
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318 and
+https://security-tracker.debian.org/tracker/CVE-2016-6318 for more
+information.
+Upstream-Status: Backport [https://github.com/cracklib/cracklib/commit/47e5dec521ab6243c9b249dd65b93d232d90d6b1]
+CVE: CVE-2016-6318
+Signed-off-by: Dengke Du <dengke.du@windriver.com>
+---
+ lib/fascist.c | 57 ++++++++++++++++++++++++++++++++-----------------------
+ 1 file changed, 33 insertions(+), 24 deletions(-)
+diff --git a/lib/fascist.c b/lib/fascist.c
+index a996509..d4deb15 100644
+--- a/lib/fascist.c
+++ b/lib/fascist.c
+@@ -502,7 +502,7 @@ FascistGecosUser(char *password, const char *user, const char *gecos)
+     char gbuffer[STRINGSIZE];
+     char tbuffer[STRINGSIZE];
+     char *uwords[STRINGSIZE];
+-    char longbuffer[STRINGSIZE * 2];
+    char longbuffer[STRINGSIZE];
+ 
+     if (gecos == NULL)
+        gecos = "";
+@@ -583,38 +583,47 @@ FascistGecosUser(char *password, const char *user, const char *gecos)
+     {
+        for (i = 0; i < j; i++)
+        {
+-           strcpy(longbuffer, uwords[i]);
+-           strcat(longbuffer, uwords[j]);
+-
+-           if (GTry(longbuffer, password))
+           if (strlen(uwords[i]) + strlen(uwords[j]) < STRINGSIZE)
+            {
+-               return _("it is derived from your password entry");
+-           }
+               strcpy(longbuffer, uwords[i]);
+               strcat(longbuffer, uwords[j]);
+ 
+-           strcpy(longbuffer, uwords[j]);
+-           strcat(longbuffer, uwords[i]);
+               if (GTry(longbuffer, password))
+               {
+                   return _("it is derived from your password entry");
+               }
+ 
+-           if (GTry(longbuffer, password))
+-           {
+-               return _("it's derived from your password entry");
+-           }
+               strcpy(longbuffer, uwords[j]);
+               strcat(longbuffer, uwords[i]);
+ 
+-           longbuffer[0] = uwords[i][0];
+-           longbuffer[1] = '\0';
+-           strcat(longbuffer, uwords[j]);
+               if (GTry(longbuffer, password))
+               {
+                  return _("it's derived from your password entry");
+               }
+           }
+ 
+-           if (GTry(longbuffer, password))
+           if (strlen(uwords[j]) < STRINGSIZE - 1)
+            {
+-               return _("it is derivable from your password entry");
+               longbuffer[0] = uwords[i][0];
+               longbuffer[1] = '\0';
+               strcat(longbuffer, uwords[j]);
+
+               if (GTry(longbuffer, password))
+               {
+                   return _("it is derivable from your password entry");
+               }
+            }
+ 
+-           longbuffer[0] = uwords[j][0];
+-           longbuffer[1] = '\0';
+-           strcat(longbuffer, uwords[i]);
+-
+-           if (GTry(longbuffer, password))
+           if (strlen(uwords[i]) < STRINGSIZE - 1)
+            {
+-               return _("it's derivable from your password entry");
+               longbuffer[0] = uwords[j][0];
+               longbuffer[1] = '\0';
+               strcat(longbuffer, uwords[i]);
+
+               if (GTry(longbuffer, password))
+               {
+                   return _("it's derivable from your password entry");
+               }
+            }
+        }
+     }
+-- 
+2.8.1

diff --git a/meta/recipes-extended/cracklib/cracklib/0001-Apply-patch-to-fix-CVE-2016-6318.patch b/meta/recipes-extended/cracklib/cracklib/0001-Apply-patch-to-fix-CVE-2016-6318.patch new file mode 100644 index 0000000000..b251ac9056 --- /dev/null +++ b/meta/recipes-extended/cracklib/cracklib/0001-Apply-patch-to-fix-CVE-2016-6318.patch
@@ -0,0 +1,105 @@
	1	From 47e5dec521ab6243c9b249dd65b93d232d90d6b1 Mon Sep 17 00:00:00 2001
	2	From: Jan Dittberner <jan@dittberner.info>
	3	Date: Thu, 25 Aug 2016 17:13:49 +0200
	4	Subject: [PATCH] Apply patch to fix CVE-2016-6318
	5
	6	This patch fixes an issue with a stack-based buffer overflow when
	7	parsing large GECOS field. See
	8	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318 and
	9	https://security-tracker.debian.org/tracker/CVE-2016-6318 for more
	10	information.
	11
	12	Upstream-Status: Backport [https://github.com/cracklib/cracklib/commit/47e5dec521ab6243c9b249dd65b93d232d90d6b1]
	13	CVE: CVE-2016-6318
	14	Signed-off-by: Dengke Du <dengke.du@windriver.com>
	15	---
	16	lib/fascist.c \| 57 ++++++++++++++++++++++++++++++++-----------------------
	17	1 file changed, 33 insertions(+), 24 deletions(-)
	18
	19	diff --git a/lib/fascist.c b/lib/fascist.c
	20	index a996509..d4deb15 100644
	21	--- a/lib/fascist.c
	22	+++ b/lib/fascist.c
	23	@@ -502,7 +502,7 @@ FascistGecosUser(char password, const char user, const char *gecos)
	24	char gbuffer[STRINGSIZE];
	25	char tbuffer[STRINGSIZE];
	26	char *uwords[STRINGSIZE];
	27	- char longbuffer[STRINGSIZE * 2];
	28	+ char longbuffer[STRINGSIZE];
	29
	30	if (gecos == NULL)
	31	gecos = "";
	32	@@ -583,38 +583,47 @@ FascistGecosUser(char password, const char user, const char *gecos)
	33	{
	34	for (i = 0; i < j; i++)
	35	{
	36	- strcpy(longbuffer, uwords[i]);
	37	- strcat(longbuffer, uwords[j]);
	38	-
	39	- if (GTry(longbuffer, password))
	40	+ if (strlen(uwords[i]) + strlen(uwords[j]) < STRINGSIZE)
	41	{
	42	- return _("it is derived from your password entry");
	43	- }
	44	+ strcpy(longbuffer, uwords[i]);
	45	+ strcat(longbuffer, uwords[j]);
	46
	47	- strcpy(longbuffer, uwords[j]);
	48	- strcat(longbuffer, uwords[i]);
	49	+ if (GTry(longbuffer, password))
	50	+ {
	51	+ return _("it is derived from your password entry");
	52	+ }
	53
	54	- if (GTry(longbuffer, password))
	55	- {
	56	- return _("it's derived from your password entry");
	57	- }
	58	+ strcpy(longbuffer, uwords[j]);
	59	+ strcat(longbuffer, uwords[i]);
	60
	61	- longbuffer[0] = uwords[i][0];
	62	- longbuffer[1] = '\0';
	63	- strcat(longbuffer, uwords[j]);
	64	+ if (GTry(longbuffer, password))
	65	+ {
	66	+ return _("it's derived from your password entry");
	67	+ }
	68	+ }
	69
	70	- if (GTry(longbuffer, password))
	71	+ if (strlen(uwords[j]) < STRINGSIZE - 1)
	72	{
	73	- return _("it is derivable from your password entry");
	74	+ longbuffer[0] = uwords[i][0];
	75	+ longbuffer[1] = '\0';
	76	+ strcat(longbuffer, uwords[j]);
	77	+
	78	+ if (GTry(longbuffer, password))
	79	+ {
	80	+ return _("it is derivable from your password entry");
	81	+ }
	82	}
	83
	84	- longbuffer[0] = uwords[j][0];
	85	- longbuffer[1] = '\0';
	86	- strcat(longbuffer, uwords[i]);
	87	-
	88	- if (GTry(longbuffer, password))
	89	+ if (strlen(uwords[i]) < STRINGSIZE - 1)
	90	{
	91	- return _("it's derivable from your password entry");
	92	+ longbuffer[0] = uwords[j][0];
	93	+ longbuffer[1] = '\0';
	94	+ strcat(longbuffer, uwords[i]);
	95	+
	96	+ if (GTry(longbuffer, password))
	97	+ {
	98	+ return _("it's derivable from your password entry");
	99	+ }
	100	}
	101	}
	102	}
	103	--
	104	2.8.1
	105