Package: checkpw
Severity: grave
Tags: security

Hi Gerrit,
please see
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0885
(feel free to lower the severity, I don't know checkpw myself)

I'm attaching a cleaned-up diff between the 1.03 and 1.02 releases.

Cheers,
        Moritz
diff -Naur checkpw-1.02/checkapoppw.c checkpw-1.03/checkapoppw.c
--- checkpw-1.02/checkapoppw.c	2002-01-07 08:25:10.000000000 +0100
+++ checkpw-1.03/checkapoppw.c	2015-02-21 00:42:57.000000000 +0100
@@ -85,7 +85,7 @@
     pw = getpwnam(login);
     if (pw) break;
     if (errno == error_txtbsy) die(111);
-    for (; ext != login && *ext != '-'; --ext);
+    do {--ext;} while (ext != login && *ext != '-');
     if (ext == login) die(1);
     if (i) login[i] = '-';
     i = ext - login;
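Review bot: The new `do {--ext;} while (ext != login && *ext != '-');` decrements `ext` before comparing it with `login`, so if `ext` already equals `login` when this line is reached, the pointer steps below the start of the buffer and the `ext != login` bound no longer stops the backward scan. Whether that state is reachable (for example with an empty login name) depends on how `ext` is initialised, which is not visible because the enclosing loop starts and ends outside the hunk. A form that keeps the forced step but tests the bound first is `while (ext != login && *--ext != '-');`. The identical line in the checkpw.c hunk has the same property. A comment such as `/* always step back once so a '-' already under ext is not matched again */` would record why the plain `for` was replaced.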
diff -Naur checkpw-1.02/checkpw.c checkpw-1.03/checkpw.c
--- checkpw-1.02/checkpw.c	2002-01-07 08:23:51.000000000 +0100
+++ checkpw-1.03/checkpw.c	2015-02-21 00:42:33.000000000 +0100
@@ -71,7 +71,7 @@
     pw = getpwnam(login);
     if (pw) break;
     if (errno == error_txtbsy) die(111);
-    for (; ext != login && *ext != '-'; --ext);
+    do {--ext;} while (ext != login && *ext != '-');
     if (ext == login) die(1);
     if (i) login[i] = '-';
     i = ext - login;
