Fix buffer overflow processing long words in Mangle(). Patch adapted from upstream commit, omitting changes to 'NEWS': https://github.com/cracklib/cracklib/commit/33d7fa4585247cd2247a1ffa032ad245836c6edb From 33d7fa4585247cd2247a1ffa032ad245836c6edb Mon Sep 17 00:00:00 2001 From: Jan Dittberner Date: Thu, 25 Aug 2016 17:17:53 +0200 Subject: [PATCH] Fix a buffer overflow processing long words A buffer overflow processing long words has been discovered. This commit applies the patch from https://build.opensuse.org/package/view_file/Base:System/cracklib/0004-overflow-processing-long-words.patch by Howard Guo. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835386 and http://www.openwall.com/lists/oss-security/2016/08/23/8 --- src/NEWS | 1 + src/lib/rules.c | 5 ++--- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/lib/rules.c b/src/lib/rules.c index d193cc0..3a2aa46 100644 --- a/lib/rules.c +++ b/lib/rules.c @@ -434,9 +434,8 @@ Mangle(input, control) /* returns a pointer to a controlled Mangle */ { int limit; register char *ptr; - static char area[STRINGSIZE]; - char area2[STRINGSIZE]; - area[0] = '\0'; + static char area[STRINGSIZE * 2] = {0}; + char area2[STRINGSIZE * 2] = {0}; strcpy(area, input); for (ptr = control; *ptr; ptr++)
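Review bot: The context line `strcpy(area, input);` directly after the new declarations is still an unbounded copy, and nothing in the visible lines checks the length of `input` first, so enlarging `area` and `area2` to `STRINGSIZE * 2` raises the length at which the copy overruns rather than bounding it. Consider rejecting (or truncating) any `input` whose `strlen` is not below `sizeof(area)` before the copy, or replacing the `strcpy` with a bounded copy that always NUL-terminates. It would also help to add a comment at the declarations saying why the factor is 2, so the assumption about how far a rule can grow a word is recorded next to the buffers that depend on it.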
path: root/scripts
| Age | Commit message | Author |
| --- | --- | --- |
| 2018-06-09 | pull: Install the new Guix in a profile. * guix/scripts/pull.scm (%pull-version): New variable. (build-from-source): Pass #:pull-version to BUILD. (whole-package-for-legacy, derivation->manifest-entry): New procedure. (build-and-install): Rewrite in terms of 'build-and-use-profile'. * guix/scripts/system.scm (maybe-suggest-running-guix-pull)[latest]: Switch to "/current". * scripts/guix.in (augment-load-paths!): Remove use of ~/.config/guix/latest. * build-aux/compile-as-derivation.scm: Replace "/guix/latest/" with "/current/share/guile/site/X.Y" * guix/scripts.scm (warn-about-old-distro)[age]: Check "/current" instead of "/latest". * doc/guix.texi (Invoking guix pull): Document it. * doc/contributing.texi (Running Guix Before It Is Installed): Remove footnote about abusing ~/.config/guix/latest. | Ludovic Courtès |
| 2018-01-28 | guix: Let Emacs detect “scripts/guix.in” appropriate mode. Since commit 6f774d481839f87178c5895ac2d661e141f879b8 which introduces the use of Guile's meta switch in “scripts/guix.in”, Emacs was not using ‘scheme-mode’ for this file. * scripts/guix.in: Replace "-*- scheme -*-" with a local variable. Signed-off-by: Ludovic Courtès <ludo@gnu.org> | Mathieu Lirzin |
| 2018-01-23 | guix: Refactor script. * scripts/guix.in: Remove empty surrounding ‘let’. Define 'main' as the procedure called when running the script. (maybe-augment-load-paths!): Rename to ... (augment-load-paths!): ... this. Use 'and=>' for 'file-exists?'. (run-guix-main): Rename to ... (main): ... this. Call 'augment-load-paths!'. Signed-off-by: Ludovic Courtès <ludo@gnu.org> | Mathieu Lirzin |
| 2018-01-23 | build: Expand ‘scripts/guix’ at Make time. This moves the complexity of Autotools variable expansion outside of the application code. * scripts/guix.in (config-lookup): Delete. (maybe-augment-load-paths!, run-guix-main): Use fully expanded variables instead of calling ‘config-lookup’. * configure.ac: Don't use AC_CONFIG_FILES for ‘scripts/guix’. Use AC_PROG_SED. * Makefile.am (scripts/guix): New rule. (do_subst): New variable. (CLEANFILES, EXTRA_DIST): Adapt. Co-authored-by: Ludovic Courtès <ludo@gnu.org> | Mathieu Lirzin |
| 2017-03-20 | build: Install .go files to $libdir/guile/X.Y. * configure.ac: Define and substitute 'guileobjectdir'. * Makefile.am (nobase_nodist_guilemodule_DATA): Remove $(GOBJECTS). (nobase_nodist_guileobject_DATA): New variable. (guix_install_go_files): Adjust accordingly. (install-data-hook): Likewise. * scripts/guix.in (config-lookup): Add 'exec_prefix' and 'guileobjectdir'. Add '_' in VAR-REF-REGEXP. (maybe-augment-load-paths!): Distinguish OBJECT-DIR from MODULE-DIR. | Ludovic Courtès |