Package: libpam-opie
Version: 0.21-8
Severity: normal
Tags: patch

Hi, in accessfile.c of libpam-opie there is an off-by-one error:
    if (!(opiealwayspath = malloc(strlen(homedir) + sizeof(OPIE_ALWAYS_FILE) + 1)))
        return 1;
    strcpy(opiealwayspath, homedir);
    strcat(opiealwayspath, "/");
    strcat(opiealwayspath, OPIE_ALWAYS_FILE);
This reserves space on the stack for the size of homedir+/+OPIE_ALWAYS_FILE but
not for the 0-byte at the end. I haven't investigated in which situations
this could crash, but it should be fixed anyway.
    if (!(opiealwayspath = malloc(strlen(homedir) + sizeof(OPIE_ALWAYS_FILE) + 2)))
        return 1;
would be correct.
Kind regards
Nico
-- System Information:
Debian Release: 4.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-686
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)
--
Nico Golde - http://www.ngolde.de
JAB: [EMAIL PROTECTED] - GPG: 0x73647CFF
Forget about that mouse with 3/4/5 buttons,
gimme a keyboard with 103/104/105 keys!
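
Added example (not part of the original report or of libpam-opie): byte accounting for the allocation discussed above, plus a bounded way to build the same path. It assumes OPIE_ALWAYS_FILE is a string-literal macro, whose sizeof includes the terminating NUL; the value ".opiealways", the sample home directory and all function names are stand-ins for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: a string-literal macro; this value is a stand-in for the example. */
#define OPIE_ALWAYS_FILE ".opiealways"

/* Bytes that strcpy + strcat + strcat store: homedir, "/", file name, NUL. */
size_t bytes_written(const char *homedir) {
    return strlen(homedir) + 1 + strlen(OPIE_ALWAYS_FILE) + 1;
}

/* Size of the "+ 1" request. sizeof on a string literal counts its NUL. */
size_t bytes_requested(const char *homedir) {
    return strlen(homedir) + sizeof(OPIE_ALWAYS_FILE) + 1;
}

/* Hypothetical variant: with the name in a char pointer, sizeof yields the
 * pointer size, so the same expression no longer tracks the string length. */
size_t bytes_requested_ptr(const char *homedir, const char *file) {
    return strlen(homedir) + sizeof(file) + 1;
}

/* Bounded join: lengths from strlen only, overflow checked, result verified.
 * Returns a malloc'd "homedir/file" or NULL; the caller frees it. */
char *join_home_path(const char *homedir, const char *file)
{
    size_t hl = strlen(homedir), fl = strlen(file);
    if (fl > SIZE_MAX - 2 || hl > SIZE_MAX - 2 - fl) return NULL;
    size_t need = hl + 1 + fl + 1;
    char *path = malloc(need);
    if (!path) return NULL;
    int n = snprintf(path, need, "%s/%s", homedir, file);
    if (n < 0 || (size_t)n != need - 1) {
        free(path);
        return NULL;
    }
    return path;
}

int main(void)
{
    const char *home = "/home/user"; /* constructed sample input */
    char *p = join_home_path(home, OPIE_ALWAYS_FILE);
    printf("written=%zu requested=%zu path=%s\n", bytes_written(home), bytes_requested(home), p ? p : "(null)");
    free(p);
    return 0;
}
```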

