summaryrefslogtreecommitdiffstats
path: root/deps/cracklib/patches
diff options
context:
space:
mode:
author Eric Hameleers <alien@slackware.com>2020-02-13 22:27:59 +0100
committer Eric Hameleers <alien@slackware.com>2020-02-13 22:27:59 +0100
commit445ea2ef242e33c9dd5b1accdab53b9cb5ef3189 (patch)
tree2a5bf018ed8faf7e655528a1d203e7424e4ebd40 /deps/cracklib/patches
parent05db356666d4337619657ed02451d79fd7d4f006 (diff)
downloadktown-445ea2ef242e33c9dd5b1accdab53b9cb5ef3189.tar.gz
ktown-445ea2ef242e33c9dd5b1accdab53b9cb5ef3189.tar.xz
Deps: remove cracklib which is now in Slackware itself
Diffstat (limited to 'deps/cracklib/patches')
-rw-r--r--deps/cracklib/patches/cracklib-2.9.6-cve-2016-6318.patch108
1 files changed, 0 insertions, 108 deletions
diff --git a/deps/cracklib/patches/cracklib-2.9.6-cve-2016-6318.patch b/deps/cracklib/patches/cracklib-2.9.6-cve-2016-6318.patch
deleted file mode 100644
index bc47734..0000000
--- a/deps/cracklib/patches/cracklib-2.9.6-cve-2016-6318.patch
+++ /dev/null
@@ -1,108 +0,0 @@
-From 47e5dec521ab6243c9b249dd65b93d232d90d6b1 Mon Sep 17 00:00:00 2001
-From: Jan Dittberner <jan@dittberner.info>
-Date: Thu, 25 Aug 2016 17:13:49 +0200
-Subject: [PATCH] Apply patch to fix CVE-2016-6318
-
-This patch fixes an issue with a stack-based buffer overflow whne
-parsing large GECOS field. See
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318 and
-https://security-tracker.debian.org/tracker/CVE-2016-6318 for more
-information.
----
- src/NEWS | 1 +
- src/lib/fascist.c | 57 ++++++++++++++++++++++++++++++++-----------------------
- 2 files changed, 34 insertions(+), 24 deletions(-)
-
-diff --git a/src/NEWS b/src/NEWS
-index 26abeee..361a207 100644
---- a/src/NEWS
-+++ b/src/NEWS
-@@ -1,3 +1,4 @@
-+v2.9.x apply patch to fix CVE-2016-6318 Stack-based buffer overflow when parsing large GECOS field
- v2.9.6 updates to cracklib-words to add a bunch of other dictionary lists
- migration to github
- patch to add some particularly bad cases to the cracklib small dictionary (Matthew Miller)
-diff --git a/src/lib/fascist.c b/src/lib/fascist.c
-index a996509..d4deb15 100644
---- a/src/lib/fascist.c
-+++ b/src/lib/fascist.c
-@@ -502,7 +502,7 @@ FascistGecosUser(char *password, const char *user, const char *gecos)
- char gbuffer[STRINGSIZE];
- char tbuffer[STRINGSIZE];
- char *uwords[STRINGSIZE];
-- char longbuffer[STRINGSIZE * 2];
-+ char longbuffer[STRINGSIZE];
-
- if (gecos == NULL)
- gecos = "";
-@@ -583,38 +583,47 @@ FascistGecosUser(char *password, const char *user, const char *gecos)
- {
- for (i = 0; i < j; i++)
- {
-- strcpy(longbuffer, uwords[i]);
-- strcat(longbuffer, uwords[j]);
--
-- if (GTry(longbuffer, password))
-+ if (strlen(uwords[i]) + strlen(uwords[j]) < STRINGSIZE)
- {
-- return _("it is derived from your password entry");
-- }
-+ strcpy(longbuffer, uwords[i]);
-+ strcat(longbuffer, uwords[j]);
-
-- strcpy(longbuffer, uwords[j]);
-- strcat(longbuffer, uwords[i]);
-+ if (GTry(longbuffer, password))
-+ {
-+ return _("it is derived from your password entry");
-+ }
-
-- if (GTry(longbuffer, password))
-- {
-- return _("it's derived from your password entry");
-- }
-+ strcpy(longbuffer, uwords[j]);
-+ strcat(longbuffer, uwords[i]);
-
-- longbuffer[0] = uwords[i][0];
-- longbuffer[1] = '\0';
-- strcat(longbuffer, uwords[j]);
-+ if (GTry(longbuffer, password))
-+ {
-+ return _("it's derived from your password entry");
-+ }
-+ }
-
-- if (GTry(longbuffer, password))
-+ if (strlen(uwords[j]) < STRINGSIZE - 1)
- {
-- return _("it is derivable from your password entry");
-+ longbuffer[0] = uwords[i][0];
-+ longbuffer[1] = '\0';
-+ strcat(longbuffer, uwords[j]);
-+
-+ if (GTry(longbuffer, password))
-+ {
-+ return _("it is derivable from your password entry");
-+ }
- }
-
-- longbuffer[0] = uwords[j][0];
-- longbuffer[1] = '\0';
-- strcat(longbuffer, uwords[i]);
--
-- if (GTry(longbuffer, password))
-+ if (strlen(uwords[i]) < STRINGSIZE - 1)
- {
-- return _("it's derivable from your password entry");
-+ longbuffer[0] = uwords[j][0];
-+ longbuffer[1] = '\0';
-+ strcat(longbuffer, uwords[i]);
-+
-+ if (GTry(longbuffer, password))
-+ {
-+ return _("it's derivable from your password entry");
-+ }
- }
- }
- }