Package: checkpw Severity: grave Tags: security Hi Gerrit, please see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0885 (feel free to lower the severity, I don't know checkpw myself)
I'm attaching a cleaned-up diff between the 1.03 and 1.02 releases. Cheers, Moritz
diff -Naur checkpw-1.02/checkapoppw.c checkpw-1.03/checkapoppw.c --- checkpw-1.02/checkapoppw.c 2002-01-07 08:25:10.000000000 +0100 +++ checkpw-1.03/checkapoppw.c 2015-02-21 00:42:57.000000000 +0100 @@ -85,7 +85,7 @@ pw = getpwnam(login); if (pw) break; if (errno == error_txtbsy) die(111); - for (; ext != login && *ext != '-'; --ext); + do {--ext;} while (ext != login && *ext != '-'); if (ext == login) die(1); if (i) login[i] = '-'; i = ext - login; diff -Naur checkpw-1.02/checkpw.c checkpw-1.03/checkpw.c --- checkpw-1.02/checkpw.c 2002-01-07 08:23:51.000000000 +0100 +++ checkpw-1.03/checkpw.c 2015-02-21 00:42:33.000000000 +0100 @@ -71,7 +71,7 @@ pw = getpwnam(login); if (pw) break; if (errno == error_txtbsy) die(111); - for (; ext != login && *ext != '-'; --ext); + do {--ext;} while (ext != login && *ext != '-'); if (ext == login) die(1); if (i) login[i] = '-'; i = ext - login;