Fix buffer overflow processing long words in Mangle(). Patch adpated from upstream commit, omitting changes to 'NEWS': https://github.com/cracklib/cracklib/commit/33d7fa4585247cd2247a1ffa032ad245836c6edb From 33d7fa4585247cd2247a1ffa032ad245836c6edb Mon Sep 17 00:00:00 2001 From: Jan Dittberner Date: Thu, 25 Aug 2016 17:17:53 +0200 Subject: [PATCH] Fix a buffer overflow processing long words A buffer overflow processing long words has been discovered. This commit applies the patch from https://build.opensuse.org/package/view_file/Base:System/cracklib/0004-overflow-processing-long-words.patch by Howard Guo. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835386 and http://www.openwall.com/lists/oss-security/2016/08/23/8 --- src/NEWS | 1 + src/lib/rules.c | 5 ++--- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/lib/rules.c b/src/lib/rules.c index d193cc0..3a2aa46 100644 --- a/lib/rules.c +++ b/lib/rules.c @@ -434,9 +434,8 @@ Mangle(input, control) /* returns a pointer to a controlled Mangle */ { int limit; register char *ptr; - static char area[STRINGSIZE]; - char area2[STRINGSIZE]; - area[0] = '\0'; + static char area[STRINGSIZE * 2] = {0}; + char area2[STRINGSIZE * 2] = {0}; strcpy(area, input); for (ptr = control; *ptr; ptr++)