Re: [Openvpn-devel] [PATCH] auth-pam:Fix buffer overflow by user supplied data

2016-04-21 Thread Gert Doering
Hi, On Thu, Apr 21, 2016 at 07:48:01PM +0200, Jens Neuhalfen wrote: > *sigh*. Thanks for finding out && providing the patch! > > Learning: Try on multiple machines (It “compiles on my machine [Mac]” > apparently is not enough) > > My test vm (precise) fails with the same error. Mac is spec

Re: [Openvpn-devel] [PATCH] auth-pam:Fix buffer overflow by user supplied data

2016-04-21 Thread Jens Neuhalfen
Hi Gert, […] *sigh*. Thanks for finding out && providing the patch! Learning: Try on multiple machines (It “compiles on my machine [Mac]” apparently is not enough) My test vm (precise) fails with the same error. Jens > While this looks totally reasonable, it does not compile... both in >

Re: [Openvpn-devel] [PATCH] auth-pam:Fix buffer overflow by user supplied data

2016-04-21 Thread Steffan Karger
On 21 Apr 2016 7:25 p.m., "Gert Doering" wrote: > ... you need to #include to get that symbol... > > Steffan: for the sake of "avoid yet another full loop and a v3", could > you just ACK this change as well? Yes, ACK. -Steffan

Re: [Openvpn-devel] [PATCH] auth-pam:Fix buffer overflow by user supplied data

2016-04-21 Thread Gert Doering
Hi, On Thu, Apr 21, 2016 at 08:51:27AM +0200, Jens wrote: > > This is without a doubt an improvement, but it still leaves an > > opportunity open to achieve a buffer overflow through an integer > > overflow. Consider a tosearch with len 11, and a replacewith with len > > […] > > Good point. P

Re: [Openvpn-devel] [PATCH] auth-pam:Fix buffer overflow by user supplied data

2016-04-21 Thread Steffan Karger
On Thu, Apr 21, 2016 at 8:51 AM, Jens wrote: > Passing very long usernames/passwords for pam authentication could possibly > lead to a stack based buffer overrun in the auth-pam plugin. > > Adds a dependency to C99 (includes stdbool.h) > > Signed-off-by: Jens Neuhalfen > --- > src/plugins/auth-

Re: [Openvpn-devel] [PATCH] auth-pam:Fix buffer overflow by user supplied data

2016-04-21 Thread Jens
Hi Steffan, […] > > This is without a doubt an improvement, but it still leaves an > opportunity open to achieve a buffer overflow through an integer > overflow. Consider a tosearch with len 11, and a replacewith with len […] Good point. Patch attached. Cheers Jens From 7d76d224096d26a6d19

Re: [Openvpn-devel] [PATCH] auth-pam:Fix buffer overflow by user supplied data

2016-04-19 Thread Steffan Karger
Hi, On Tue, Apr 19, 2016 at 9:01 PM, Jens wrote: > The AUTH-PAM plugin contains the function `searchandreplace`. The buffer > allocated there can be overflowed if the parameter `replace_with` is too long > (depending on the format string). > > E.g.: > > searchandreplace(to search :=“X”, searchf

[Openvpn-devel] [PATCH] auth-pam:Fix buffer overflow by user supplied data

2016-04-19 Thread Jens
Hi, please review the following patch. The AUTH-PAM plugin contains the function `searchandreplace`. The buffer allocated there can be overflowed if the parameter `replace_with` is too long (depending on the format string). E.g.: searchandreplace(to search :=“X”, searchfor := “X”, replacewith