diff options
author | Timo Teräs <timo.teras@iki.fi> | 2017-03-20 15:25:48 +0200 |
---|---|---|
committer | Timo Teräs <timo.teras@iki.fi> | 2017-03-21 08:15:29 +0200 |
commit | 1a4d299a0242a02aa0d4843dd9947d4187e70414 (patch) | |
tree | 524965445ca8c9eba7f425db6ffb2035d8025500 /main/musl/0023-fix-one-byte-overflow-in-legacy-getpass-function.patch | |
parent | c12931e8863fa9fddc90390db24a4a591f43043e (diff) | |
download | aports-1a4d299a0242a02aa0d4843dd9947d4187e70414.tar.bz2 aports-1a4d299a0242a02aa0d4843dd9947d4187e70414.tar.xz |
main/musl: cherry-pick upstream fixes
ldso changes (lazy emulation etc) are not stable yet, so it's
are not included. the missing patch numbers are for those commits.
Diffstat (limited to 'main/musl/0023-fix-one-byte-overflow-in-legacy-getpass-function.patch')
-rw-r--r-- | main/musl/0023-fix-one-byte-overflow-in-legacy-getpass-function.patch | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/main/musl/0023-fix-one-byte-overflow-in-legacy-getpass-function.patch b/main/musl/0023-fix-one-byte-overflow-in-legacy-getpass-function.patch new file mode 100644 index 0000000000..ef0efac006 --- /dev/null +++ b/main/musl/0023-fix-one-byte-overflow-in-legacy-getpass-function.patch @@ -0,0 +1,27 @@ +From 3ec8b3aeb88cef8574a7b0f677ebc1801f03821d Mon Sep 17 00:00:00 2001 +From: Rich Felker <dalias@aerifal.cx> +Date: Tue, 14 Mar 2017 15:13:16 -0400 +Subject: [PATCH] fix one-byte overflow in legacy getpass function + +if the length of the input was equal to the buffer size (128), a fixed +value of zero was written one byte past the end of the static buffer. +--- + src/legacy/getpass.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/legacy/getpass.c b/src/legacy/getpass.c +index 15ab9851..d51286c0 100644 +--- a/src/legacy/getpass.c ++++ b/src/legacy/getpass.c +@@ -27,7 +27,7 @@ char *getpass(const char *prompt) + + l = read(fd, password, sizeof password); + if (l >= 0) { +- if (l > 0 && password[l-1] == '\n') l--; ++ if (l > 0 && password[l-1] == '\n' || l==sizeof password) l--; + password[l] = 0; + } + +-- +2.11.1 + |