Fix a buffer overflow processing long words

1 parent 47e5dec commit 33d7fa4585247cd2247a1ffa032ad245836c6edb @jandd jandd committed Aug 25, 2016
Showing with 3 additions and 3 deletions.
  1. +1 −0 src/NEWS
  2. +2 −3 src/lib/rules.c
@@ -1,4 +1,5 @@
v2.9.x apply patch to fix CVE-2016-6318 Stack-based buffer overflow when parsing large GECOS field
+ fix a buffer overflow processing long words
v2.9.6 updates to cracklib-words to add a bunch of other dictionary lists
migration to github
patch to add some particularly bad cases to the cracklib small dictionary (Matthew Miller)
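Review bot: The added NEWS line "fix a buffer overflow processing long words" does not say where the overflow was, while the entry directly above it names both the identifier and the affected input (the GECOS field). Suggest naming the function and file touched by this commit, Mangle() in src/lib/rules.c, and citing an identifier if one has been assigned, so that packagers can tell from NEWS alone whether a given release carries this fix.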
@@ -434,9 +434,8 @@ Mangle(input, control) /* returns a pointer to a controlled Mangle */
{
int limit;
register char *ptr;
- static char area[STRINGSIZE];
- char area2[STRINGSIZE];
- area[0] = '\0';
+ static char area[STRINGSIZE * 2] = {0};
+ char area2[STRINGSIZE * 2] = {0};
strcpy(area, input);
for (ptr = control; *ptr; ptr++)
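Review bot: The copy at "strcpy(area, input);" is still unbounded after this change: doubling area and area2 to STRINGSIZE * 2 raises the length at which the write overruns the buffer, but nothing in the visible lines checks the length of input against sizeof(area) before the copy. Suggest rejecting input whose strlen() is not below sizeof(area) (for example by returning NULL before the strcpy), or using a bounded copy with explicit termination, and applying the same bound wherever the loop over control writes into area or area2. A smaller point on the declarations: "= {0}" on the static area is redundant, since statics are zero-initialised, and it takes effect once rather than on every call the way the removed "area[0] = '\0';" did. That is harmless here because the strcpy overwrites area immediately, but it should not be read as a per-call clear.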
