fix chpasswd and chgpasswd stack overflow (#213052)

2006-11-14 10:07:36 +00:00 · 2006-11-14 10:07:36 +00:00 · 1295a7f472
commit 1295a7f472
parent a786dc2b51
2 changed files with 42 additions and 1 deletions
--- a/shadow-4.0.18.1-overflow.patch
+++ b/shadow-4.0.18.1-overflow.patch
@ -0,0 +1,36 @@
+--- shadow-4.0.17/src/chpasswd.c.overflow	2006-11-08 11:09:32.000000000 +0100
+++ shadow-4.0.17/src/chpasswd.c	2006-11-08 13:13:15.000000000 +0100
+@@ -239,9 +239,13 @@
+ 		newpwd = cp;
+ 		if (!eflg) {
+ 			if (md5flg) {
+-				char salt[12] = "$1$";
+				char tmp[12];
+				char salt[15] = "\0";
+ 
+-				strcat (salt, crypt_make_salt ());
+				strcpy( tmp, crypt_make_salt ());
+				if( !strncmp( tmp, "$1$", 3) )
+					strcat( salt, "$1$");
+				strcat( salt, tmp);
+ 				cp = pw_encrypt (newpwd, salt);
+ 			} else
+ 				cp = pw_encrypt (newpwd, crypt_make_salt ());
+--- shadow-4.0.17/src/chgpasswd.c.overflow	2006-11-08 13:13:40.000000000 +0100
+++ shadow-4.0.17/src/chgpasswd.c	2006-11-08 13:17:24.000000000 +0100
+@@ -243,9 +243,13 @@
+ 		newpwd = cp;
+ 		if (!eflg) {
+ 			if (md5flg) {
+-				char salt[12] = "$1$";
+				char tmp[12];
+				char salt[15] = "\0";
+ 
+-				strcat (salt, crypt_make_salt ());
+				strcpy( tmp, crypt_make_salt ());
+				if( !strncmp( tmp, "$1$", 3) )
+					strcat( salt, "$1$");
+				strcat( salt, tmp);
+ 				cp = pw_encrypt (newpwd, salt);
+ 			} else
+ 				cp = pw_encrypt (newpwd, crypt_make_salt ());