due to missing/misplaced boundary check, deleting characters could
underflow the password buffer.
Signed-off-by: Enrico Scholz <enrico.scholz@xxxxxxxxxxxxxxxxx>
---
common/password.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/common/password.c b/common/password.c
index a03e1db..d157a11 100644
--- a/common/password.c
+++ b/common/password.c
@@ -66,11 +66,14 @@ int password(unsigned char *passwd, size_t length, int flags, int timeout)
case CTL_CH('h'):
case KEY_DEL7:
case KEY_DEL:
- if (flags & STAR && pos > 0)
- puts("\b \b");
- *buf = '\0';
- buf--;
- pos--;
+ if (pos > 0) {
+ if (flags & STAR)
+ puts("\b \b");
+
+ *buf = '\0';
+ buf--;
+ pos--;
+ }
continue;
default:
if (pos < length - 1) {
--
1.7.11.7
_______________________________________________
barebox mailing list
barebox@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/barebox
