diff options
Diffstat (limited to 'main/musl/0023-fix-one-byte-overflow-in-legacy-getpass-function.patch')
-rw-r--r-- | main/musl/0023-fix-one-byte-overflow-in-legacy-getpass-function.patch | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/main/musl/0023-fix-one-byte-overflow-in-legacy-getpass-function.patch b/main/musl/0023-fix-one-byte-overflow-in-legacy-getpass-function.patch new file mode 100644 index 0000000000..ef0efac006 --- /dev/null +++ b/main/musl/0023-fix-one-byte-overflow-in-legacy-getpass-function.patch @@ -0,0 +1,27 @@ +From 3ec8b3aeb88cef8574a7b0f677ebc1801f03821d Mon Sep 17 00:00:00 2001 +From: Rich Felker <dalias@aerifal.cx> +Date: Tue, 14 Mar 2017 15:13:16 -0400 +Subject: [PATCH] fix one-byte overflow in legacy getpass function + +if the length of the input was equal to the buffer size (128), a fixed +value of zero was written one byte past the end of the static buffer. +--- + src/legacy/getpass.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/legacy/getpass.c b/src/legacy/getpass.c +index 15ab9851..d51286c0 100644 +--- a/src/legacy/getpass.c ++++ b/src/legacy/getpass.c +@@ -27,7 +27,7 @@ char *getpass(const char *prompt) + + l = read(fd, password, sizeof password); + if (l >= 0) { +- if (l > 0 && password[l-1] == '\n') l--; ++ if (l > 0 && password[l-1] == '\n' || l==sizeof password) l--; + password[l] = 0; + } + +-- +2.11.1 + |