[prev in list] [next in list] [prev in thread] [next in thread] 

List:       busybox
Subject:    Re: [BusyBox] patch to login, dmesg and obscure
From:       Stefan Jeglinski <jeglin () 4pi ! com>
Date:       2003-07-30 19:25:32
[Download RAW message or body]

>>>I've discovered some bugs in the BusyBox unstable branch and since 
>>>it doesn't seem to fixed in the 1.0.0-pre1 release I created a 
>>>patch with my changes. Description below:
>
>>* libbb/obscure.c:password_check()
>>There was a buffer overflow bug which cased passwd command to 
>>segfault when invoked by any other than the superuser.
>
>
>This moment have algoritmicaly problem, not overflow:
>strcat(wrapped, wrapped) - may be looped.
>
>Hand patch:
>
>- else if (strstr(strcat(wrapped, wrapped), newmono))
>+ else {
>+    safe_strncpy(wrapped + lenwrap, wrapped, lenwrap + 1);
>+    if (strstr(wrapped, newmono))
>+}

I'm seeing the passwd seg fault using busybox 1.0.0-pre1 on an ARM 
(Rio receiver), although I can't address the 'when invoked by any 
other than the superuser' because there are no users defined on my 
system yet. I'm following this thread, but it is a bit unclear 
because of some opposing discussion. Will applying the patch given 
above fix the seg fault?


Stefan Jeglinski

[prev in list] [next in list] [prev in thread] [next in thread]