Double buffer size in Mangle to allow for duplicate rules

No duplicating rules are enabled for the default rule set that is
run by the krb5-strength package, but close the latent security
vulnerability anyway.

Patch from Howard Guo <hguo@suse.com>.

diff --git a/cracklib/HISTORY b/cracklib/HISTORY
index 80c2196ae76b8e9ec630563a1e32c75772f9856c..b82f94096169d8d6e4049b58f099c2bbcdab32f7 100644 (file)
--- a/cracklib/HISTORY
+++ b/cracklib/HISTORY
@@ -21,6 +21,10 @@ following modifications have been made:
  * Close the dictionary after each password lookup.
  * Set hidden visibility on all CrackLib symbols.
  * Close the wfp file handle on PWClose if it's open.
+ * Applied various patches from distributions for security vulnerabilities.
+
+See the leading comments in each source file for a more detailed timeline
+and list of changes.
 
 Below is the original changelog for CrackLib:
 

diff --git a/cracklib/rules.c b/cracklib/rules.c
index c4ffc97db0422389cc989d8663677b62ae44e424..a3e439bcf1453f2ffa994bf170b4b3455e514981 100644 (file)
--- a/cracklib/rules.c
+++ b/cracklib/rules.c
@@ -9,6 +9,9 @@
 /*
  * Modified as part of the krb5-strength project as follows:
  *
+ * 2016-08-17  Howard Guo <hguo@suse.com>
+ *   - Double the length of buffers in Mangle to provide enough space to
+ *     handle duplicating rules.
  * 2007-03-22  Russ Allbery <eagle@eyrie.org>
  *   - Cap deletion of leading or trailing characters at one more than half
  *     the length of the password string and no more than five characters.
@@ -438,9 +441,8 @@ Mangle(const char *input, const char *control)
     int limit, min_to_shift;
     register int j;
     const char *ptr;
-    static char area[STRINGSIZE];
-    char area2[STRINGSIZE];
-    area[0] = '\0';
+    static char area[STRINGSIZE * 2] = "";
+    char area2[STRINGSIZE * 2] = "";
     strcpy(area, input);
 
     j = strlen(input);