On Tue, Dec 04, 2012 at 01:04:25PM +0100, Enrico Scholz wrote: > due to missing/misplaced boundary check, deleting characters could > underflow the password buffer. > > Signed-off-by: Enrico Scholz <enrico.scholz@xxxxxxxxxxxxxxxxx> Applied, thanks Sascha > --- > common/password.c | 13 ++++++++----- > 1 file changed, 8 insertions(+), 5 deletions(-) > > diff --git a/common/password.c b/common/password.c > index a03e1db..d157a11 100644 > --- a/common/password.c > +++ b/common/password.c > @@ -66,11 +66,14 @@ int password(unsigned char *passwd, size_t length, int flags, int timeout) > case CTL_CH('h'): > case KEY_DEL7: > case KEY_DEL: > - if (flags & STAR && pos > 0) > - puts("\b \b"); > - *buf = '\0'; > - buf--; > - pos--; > + if (pos > 0) { > + if (flags & STAR) > + puts("\b \b"); > + > + *buf = '\0'; > + buf--; > + pos--; > + } > continue; > default: > if (pos < length - 1) { > -- > 1.7.11.7 > > > _______________________________________________ > barebox mailing list > barebox@xxxxxxxxxxxxxxxxxxx > http://lists.infradead.org/mailman/listinfo/barebox > -- Pengutronix e.K. | | Industrial Linux Solutions | http://www.pengutronix.de/ | Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
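
Review bot: In the new `if (pos > 0) {` block, `*buf = '\0'` still runs before `buf--`, so the byte that gets cleared is the one at the current position, not the character being deleted. If `buf` points at the next free slot (the write path in the `default:` case is not visible in this hunk), the erased character stays in the password buffer until something later overwrites or terminates it. Consider decrementing first, i.e. `buf--; pos--; *buf = '\0';`, so the deleted character is actually wiped. The `pos > 0` guard now covers both the echo and the pointer decrement, which is what stops `buf` from stepping below the start of the buffer.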