Bug#689588: Please unblock cracklib2/2.8.19-2
Control: tags -1 moreinfo
On 2012-12-08 12:25, Jan Dittberner wrote:
> retitle 689588 unblock: cracklib2/2.8.19-2
> thanks
>
> Dear release managers,
>
> please unblock cracklib2/2.8.19-2 that I uploaded to unstable. See the
> debdiff that is already attached to the bug. The change is minimal and
> backward compatible. The test suite runs without problems with all supported
> Python versions (2.6, 2.7, 3.2).
>
>
> Best regards
> Jan
>
Hi,
I have to admit, I would have appreciated if this change had been
upstreamed. Anyhow, I guess that will be your headache and not mine... :)
In regards to the actual changes, I suspect they are flawed in the
"error"-path, see "cracklib2.review".
~Niels
+- const char *result;
++ int result;
++ char *errmsg;
^^^^^^
Uninitialized, but almost certainly not NULL
[...]
+ LOCK();
+- result = FascistCheck(candidate, dict ? dict : defaultdict);
++ result = __DEBIAN_SPECIFIC__SafeFascistCheck(candidate,
++ dict ? dict : defaultdict, errmsg);
Passed as "char *" and not "char **", so the call will not change
to which string errmsg is pointing (but could change the content).
Note that __DEBIAN_SPECIFIC__SafeFascistCheck is trying to use it
by assigning to errmsg (see below), so I suspect you wanted to use
"&errmsg" here (and the changes below).
+ UNLOCK();
++ if (errmsg != NULL)
++ {
++ PyErr_SetString(PyExc_ValueError, errmsg);
^^^^^^
Use of uninitialized pointer...
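Review bot: `char *errmsg;` in the caller should be declared as `char *errmsg = NULL;`, because the `if (errmsg != NULL)` test after `UNLOCK()` reads it regardless of what the callee did. Even once the call passes `&errmsg`, the initializer keeps that test well defined on any path where `__DEBIAN_SPECIFIC__SafeFascistCheck` returns without storing a message.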
++int
++__DEBIAN_SPECIFIC__SafeFascistCheck(password, path, errstr)
++ const char *password;
++ const char *path;
++ char *errstr;
^^^^^^^^^^^^^
I think this should have been "char **errstr;"
++ errstr = FascistLook(pwp, pwtrunced);
^^^^^^
... and this should have been:
*errstr = FascistLook(pwp, pwtrunced);
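Review bot: the old-style (K&R) parameter list in the definition of `__DEBIAN_SPECIFIC__SafeFascistCheck` gives the compiler no parameter types to check calls against, so after the switch to `char **errstr` a caller that still passes `errmsg` instead of `&errmsg` is not required to be diagnosed unless a prototype is in scope. Declare a full prototype in the header, `int __DEBIAN_SPECIFIC__SafeFascistCheck(const char *password, const char *path, char **errstr);`, and have the function set `*errstr = NULL` on entry so every return path leaves the caller's pointer defined.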