3 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318
5 Patch copied from Red Hat:
7 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-6318
8 https://bugzilla.redhat.com/attachment.cgi?id=1188599&action=diff
10 It is not safe to pass words longer than STRINGSIZE further to cracklib,
11 so longbuffer must not be longer than STRINGSIZE.
12 diff -up cracklib-2.9.0/lib/fascist.c.longgecos cracklib-2.9.0/lib/fascist.c
13 --- cracklib-2.9.0/lib/fascist.c.longgecos 2014-02-06 16:03:59.000000000 +0100
14 +++ cracklib-2.9.0/lib/fascist.c 2016-08-08 12:05:40.279235815 +0200
15 @@ -515,7 +515,7 @@ FascistGecosUser(char *password, const c
16 char gbuffer[STRINGSIZE];
17 char tbuffer[STRINGSIZE];
18 char *uwords[STRINGSIZE];
19 - char longbuffer[STRINGSIZE * 2];
20 + char longbuffer[STRINGSIZE];
24 @@ -596,38 +596,47 @@ FascistGecosUser(char *password, const c
26 for (i = 0; i < j; i++)
28 - strcpy(longbuffer, uwords[i]);
29 - strcat(longbuffer, uwords[j]);
31 - if (GTry(longbuffer, password))
32 + if (strlen(uwords[i]) + strlen(uwords[j]) < STRINGSIZE)
34 - return _("it is derived from your password entry");
37 - strcpy(longbuffer, uwords[j]);
38 - strcat(longbuffer, uwords[i]);
39 + strcpy(longbuffer, uwords[i]);
40 + strcat(longbuffer, uwords[j]);
42 - if (GTry(longbuffer, password))
44 - return _("it's derived from your password entry");
45 + if (GTry(longbuffer, password))
47 + return _("it is derived from your password entry");
50 + strcpy(longbuffer, uwords[j]);
51 + strcat(longbuffer, uwords[i]);
53 + if (GTry(longbuffer, password))
55 + return _("it's derived from your password entry");
59 - longbuffer[0] = uwords[i][0];
60 - longbuffer[1] = '\0';
61 - strcat(longbuffer, uwords[j]);
63 - if (GTry(longbuffer, password))
64 + if (strlen(uwords[j]) < STRINGSIZE - 1)
66 - return _("it is derivable from your password entry");
67 + longbuffer[0] = uwords[i][0];
68 + longbuffer[1] = '\0';
69 + strcat(longbuffer, uwords[j]);
71 + if (GTry(longbuffer, password))
73 + return _("it is derivable from your password entry");
77 - longbuffer[0] = uwords[j][0];
78 - longbuffer[1] = '\0';
79 - strcat(longbuffer, uwords[i]);
81 - if (GTry(longbuffer, password))
82 + if (strlen(uwords[i]) < STRINGSIZE - 1)
84 - return _("it's derivable from your password entry");
85 + longbuffer[0] = uwords[j][0];
86 + longbuffer[1] = '\0';
87 + strcat(longbuffer, uwords[i]);
89 + if (GTry(longbuffer, password))
91 + return _("it's derivable from your password entry");
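Review bot: The new length guards carry no comment recording why over-long combinations are skipped rather than truncated, and the two different bounds (`< STRINGSIZE` for the two-word concatenation, `< STRINGSIZE - 1` for the initial-plus-word cases) read as inconsistent until the arithmetic is spelled out. A comment above the first guard such as `/* Only combine when word+word plus the NUL fits longbuffer; GTry must never see a string longer than STRINGSIZE (CVE-2016-6318) */` and `/* one initial + word + NUL must fit */` above the other two would keep a later maintainer from "fixing" the guard with a truncating copy, which would silently change which candidates are tested. The `strlen(uwords[j])` calls are invariant across the inner `for (i = 0; i < j; i++)` loop and could be computed once before it, though that is a style preference rather than a defect. FascistGecosUser and its enclosing loops begin and end outside this hunk, so the closing braces of the new blocks are not visible here.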