Fix chpasswd and chgpasswd stack overflow. Based on Fedora's shadow-4.0.18.1-overflow.patch.

2007-11-10 18:48:23 +00:00
parent 6a051e1544
commit 1bdb92706e
4 changed files with 21 additions and 5 deletions
--- a/src/chgpasswd.c
+++ b/src/chgpasswd.c
@@ -243,9 +243,13 @@ int main (int argc, char **argv)
 		newpwd = cp;
 		if (!eflg) {
 			if (md5flg) {
-				char salt[12] = "$1$";
+				char tmp[12];
+				char salt[15] = "";

-				strcat (salt, crypt_make_salt ());
+				strcat (tmp, crypt_make_salt ());
+				if (!strncmp (tmp, "$1$", 3))
+					strcat (salt, "$1$");
+				strcat (salt, tmp);
 				cp = pw_encrypt (newpwd, salt);
 			} else
 				cp = pw_encrypt (newpwd, crypt_make_salt ());
--- a/src/chpasswd.c
+++ b/src/chpasswd.c
@@ -239,9 +239,13 @@ int main (int argc, char **argv)
 		newpwd = cp;
 		if (!eflg) {
 			if (md5flg) {
-				char salt[12] = "$1$";
+				char tmp[12];
+				char salt[15] = "";

-				strcat (salt, crypt_make_salt ());
+				strcat (tmp, crypt_make_salt ());
+				if (!strncmp (tmp, "$1$", 3))
+					strcat (salt, "$1$");
+				strcat (salt, tmp);
 				cp = pw_encrypt (newpwd, salt);
 			} else
 				cp = pw_encrypt (newpwd, crypt_make_salt ());