Blob Blame History Raw
diff -up cracklib-2.9.6/lib/fascist.c.reentrant cracklib-2.9.6/lib/fascist.c
--- cracklib-2.9.6/lib/fascist.c.reentrant	2015-08-18 20:41:16.000000000 +0200
+++ cracklib-2.9.6/lib/fascist.c	2015-10-22 18:17:20.338290974 +0200
@@ -36,8 +36,8 @@ typedef unsigned short uint16_t;
 #undef DEBUG
 #undef DEBUG2
 
-extern char *Reverse(char *buf);
-extern char *Lowercase(char *buf);
+extern char *Reverse(char *buf, char *area);
+extern char *Lowercase(char *buf, char *area);
 
 static char *r_destructors[] = {
     ":",                        /* noop - must do this to test raw word. */
@@ -439,6 +439,8 @@ GTry(rawtext, password)
     int i;
     int len;
     char *mp;
+    char area[STRINGSIZE];
+    char revarea[STRINGSIZE];
 
     /* use destructors to turn password into rawtext */
     /* note use of Reverse() to save duplicating all rules */
@@ -447,7 +449,7 @@ GTry(rawtext, password)
 
     for (i = 0; r_destructors[i]; i++)
     {
-	if (!(mp = Mangle(password, r_destructors[i])))
+	if (!(mp = Mangle(password, r_destructors[i], area)))
 	{
 	    continue;
 	}
@@ -462,10 +464,10 @@ GTry(rawtext, password)
 	}
 
 #ifdef DEBUG
-	printf("%-16s = %-16s (destruct %s reversed)\n", Reverse(mp), rawtext, r_destructors[i]);
+	printf("%-16s = %-16s (destruct %s reversed)\n", Reverse(mp, revarea), rawtext, r_destructors[i]);
 #endif
 
-	if (!strncmp(Reverse(mp), rawtext, len))
+	if (!strncmp(Reverse(mp, revarea), rawtext, len))
 	{
 	    return (1);
 	}
@@ -473,7 +475,7 @@ GTry(rawtext, password)
 
     for (i = 0; r_constructors[i]; i++)
     {
-	if (!(mp = Mangle(rawtext, r_constructors[i])))
+	if (!(mp = Mangle(rawtext, r_constructors[i], area)))
 	{
 	    continue;
 	}
@@ -520,7 +522,7 @@ FascistGecosUser(char *password, const c
 
     strncpy(tbuffer, gecos, STRINGSIZE);
     tbuffer[STRINGSIZE-1] = '\0';
-    strcpy(gbuffer, Lowercase(tbuffer));
+    Lowercase(tbuffer, gbuffer);
 
     wc = 0;
     ptr = gbuffer;
@@ -695,6 +697,7 @@ FascistLookUser(PWDICT *pwp, char *instr
     char junk[STRINGSIZE];
     char *password;
     char rpassword[STRINGSIZE];
+    char area[STRINGSIZE];
     uint32_t notfound;
 
     notfound = PW_WORDS(pwp);
@@ -731,7 +734,7 @@ FascistLookUser(PWDICT *pwp, char *instr
 	return _("it does not contain enough DIFFERENT characters");
     }
 
-    strcpy(password, (char *)Lowercase(password));
+    strcpy(password, (char *)Lowercase(password, area));
 
     Trim(password);
 
@@ -787,7 +790,7 @@ FascistLookUser(PWDICT *pwp, char *instr
     {
 	char *a;
 
-	if (!(a = Mangle(password, r_destructors[i])))
+	if (!(a = Mangle(password, r_destructors[i], area)))
 	{
 	    continue;
 	}
@@ -802,13 +805,13 @@ FascistLookUser(PWDICT *pwp, char *instr
 	}
     }
 
-    strcpy(password, (char *)Reverse(password));
+    strcpy(password, (char *)Reverse(password, area));
 
     for (i = 0; r_destructors[i]; i++)
     {
 	char *a;
 
-	if (!(a = Mangle(password, r_destructors[i])))
+	if (!(a = Mangle(password, r_destructors[i], area)))
 	{
 	    continue;
 	}
diff -up cracklib-2.9.6/lib/packer.h.reentrant cracklib-2.9.6/lib/packer.h
--- cracklib-2.9.6/lib/packer.h.reentrant	2015-10-22 18:17:20.335290902 +0200
+++ cracklib-2.9.6/lib/packer.h	2015-10-22 18:17:20.338290974 +0200
@@ -82,7 +82,7 @@ extern int PWClose(PWDICT *pwp);
 extern unsigned int FindPW(PWDICT *pwp, char *string);
 extern int PutPW(PWDICT *pwp, char *string);
 extern int PMatch(char *control, char *string);
-extern char *Mangle(char *input, char *control);
+extern char *Mangle(char *input, char *control, char *area);
 extern char Chop(char *string);
 extern char *Trim(char *string);
 extern char *FascistLook(PWDICT *pwp, char *instring);
diff -up cracklib-2.9.6/lib/packlib.c.reentrant cracklib-2.9.6/lib/packlib.c
--- cracklib-2.9.6/lib/packlib.c.reentrant	2015-08-18 20:41:16.000000000 +0200
+++ cracklib-2.9.6/lib/packlib.c	2015-10-22 18:19:52.154911451 +0200
@@ -67,8 +67,8 @@ PWOpen(prefix, mode)
     char *mode;
 {
     int use64 = 0;
-    static PWDICT pdesc;
-    static PWDICT64 pdesc64;
+    PWDICT *pdesc;
+    PWDICT64 pdesc64;
     char iname[STRINGSIZE];
     char dname[STRINGSIZE];
     char wname[STRINGSIZE];
@@ -76,13 +76,11 @@ PWOpen(prefix, mode)
     void *ifp;
     void *wfp;
 
-    if (pdesc.header.pih_magic == PIH_MAGIC)
-    {
-	fprintf(stderr, "%s: another dictionary already open\n", prefix);
+    pdesc = malloc(sizeof(*pdesc));
+    if (pdesc == NULL)
 	return NULL;
-    }
 
-    memset(&pdesc, '\0', sizeof(pdesc));
+    memset(pdesc, '\0', sizeof(*pdesc));
     memset(&pdesc64, '\0', sizeof(pdesc64));
 
     snprintf(iname, STRINGSIZE, "%s.pwi", prefix);
@@ -91,77 +89,80 @@ PWOpen(prefix, mode)
 
     if (mode[0] == 'r')
     {
-		pdesc.flags &= ~PFOR_USEZLIB;
+		pdesc->flags &= ~PFOR_USEZLIB;
 		/* first try the normal db file */
-		if (!(pdesc.dfp = fopen(dname, mode)))
+		if (!(pdesc->dfp = fopen(dname, mode)))
 		{
 #ifdef HAVE_ZLIB_H
-			pdesc.flags |= PFOR_USEZLIB;
+			pdesc->flags |= PFOR_USEZLIB;
 			/* try extension .gz */
 			snprintf(dname, STRINGSIZE, "%s.pwd.gz", prefix);
-			if (!(pdesc.dfp = gzopen(dname, mode)))
+			if (!(pdesc->dfp = gzopen(dname, mode)))
 			{
 				perror(dname);
+				free(pdesc);
 				return NULL;
 			}
 #else
 		perror(dname);
+		free(pdesc);
 		return NULL;
 #endif
 		}
 	}
 	else
 	{
-		pdesc.flags &= ~PFOR_USEZLIB;
+		pdesc->flags &= ~PFOR_USEZLIB;
 		/* write mode: use fopen */
-		if (!(pdesc.dfp = fopen(dname, mode)))
+		if (!(pdesc->dfp = fopen(dname, mode)))
 		{
 			perror(dname);
+			free(pdesc);
 			return NULL;
 		}
 	}
 
-    if (!(pdesc.ifp = fopen(iname, mode)))
+    if (!(pdesc->ifp = fopen(iname, mode)))
     {
 #ifdef HAVE_ZLIB_H
-		if (pdesc.flags & PFOR_USEZLIB)
-			gzclose(pdesc.dfp);
+		if(pdesc->flags & PFOR_USEZLIB)
+			gzclose(pdesc->dfp);
 		else
 #endif
-			fclose(pdesc.dfp);
+			fclose(pdesc->dfp);
 	perror(iname);
+	free(pdesc);
 	return NULL;
     }
 
-    if ((pdesc.wfp = fopen(wname, mode)))
+    if ((pdesc->wfp = fopen(wname, mode)))
     {
-	pdesc.flags |= PFOR_USEHWMS;
+	pdesc->flags |= PFOR_USEHWMS;
     }
 
-    ifp = pdesc.ifp;
-    dfp = pdesc.dfp;
-    wfp = pdesc.wfp;
+    ifp = pdesc->ifp;
+    dfp = pdesc->dfp;
+    wfp = pdesc->wfp;
 
     if (mode[0] == 'w')
     {
-	pdesc.flags |= PFOR_WRITE;
-	pdesc.header.pih_magic = PIH_MAGIC;
-	pdesc.header.pih_blocklen = NUMWORDS;
-	pdesc.header.pih_numwords = 0;
+	pdesc->flags |= PFOR_WRITE;
+	pdesc->header.pih_magic = PIH_MAGIC;
+	pdesc->header.pih_blocklen = NUMWORDS;
+	pdesc->header.pih_numwords = 0;
 
-	fwrite((char *) &pdesc.header, sizeof(pdesc.header), 1, ifp);
+	fwrite((char *) &pdesc->header, sizeof(pdesc->header), 1, ifp);
     } else
     {
-	pdesc.flags &= ~PFOR_WRITE;
+	pdesc->flags &= ~PFOR_WRITE;
 
-	if (!fread((char *) &pdesc.header, sizeof(pdesc.header), 1, ifp))
+	if (!fread((char *) &pdesc->header, sizeof(pdesc->header), 1, ifp))
 	{
 	    fprintf(stderr, "%s: error reading header\n", prefix);
 
-	    pdesc.header.pih_magic = 0;
 	    fclose(ifp);
 #ifdef HAVE_ZLIB_H
-		if (pdesc.flags & PFOR_USEZLIB)
+		if(pdesc->flags & PFOR_USEZLIB)
 			gzclose(dfp);
 		else
 #endif
@@ -170,10 +171,11 @@ PWOpen(prefix, mode)
 	    {
 		fclose(wfp);
 	    }
+	    free(pdesc);
 	    return NULL;
 	}
 
-        if ((pdesc.header.pih_magic == 0) || (pdesc.header.pih_numwords == 0))
+        if ((pdesc->header.pih_magic == 0) || (pdesc->header.pih_numwords == 0))
         {
             /* uh-oh. either a broken "64-bit" file or a garbage file. */
             rewind (ifp);
@@ -181,10 +183,9 @@ PWOpen(prefix, mode)
             {
                 fprintf(stderr, "%s: error reading header\n", prefix);
 
-                pdesc.header.pih_magic = 0;
                 fclose(ifp);
 #ifdef HAVE_ZLIB_H
-				if (pdesc.flags & PFOR_USEZLIB)
+				if (pdesc->flags & PFOR_USEZLIB)
 					gzclose(dfp);
 				else
 #endif
@@ -193,6 +194,7 @@ PWOpen(prefix, mode)
 		{
 			fclose(wfp);
 		}
+		free(pdesc);
                 return NULL;
             }
             if (pdesc64.header.pih_magic != PIH_MAGIC)
@@ -200,10 +202,9 @@ PWOpen(prefix, mode)
                 /* nope, not "64-bit" after all */
                 fprintf(stderr, "%s: error reading header\n", prefix);
 
-                pdesc.header.pih_magic = 0;
                 fclose(ifp);
 #ifdef HAVE_ZLIB_H
-				if (pdesc.flags & PFOR_USEZLIB)
+				if (pdesc->flags & PFOR_USEZLIB)
 					gzclose(dfp);
 				else
 #endif
@@ -213,23 +214,23 @@ PWOpen(prefix, mode)
 		{
 			fclose(wfp);
 		}
+		free(pdesc);
                 return NULL;
             }
-            pdesc.header.pih_magic = pdesc64.header.pih_magic;
-            pdesc.header.pih_numwords = pdesc64.header.pih_numwords;
-            pdesc.header.pih_blocklen = pdesc64.header.pih_blocklen;
-            pdesc.header.pih_pad = pdesc64.header.pih_pad;
+            pdesc->header.pih_magic = pdesc64.header.pih_magic;
+            pdesc->header.pih_numwords = pdesc64.header.pih_numwords;
+            pdesc->header.pih_blocklen = pdesc64.header.pih_blocklen;
+            pdesc->header.pih_pad = pdesc64.header.pih_pad;
             use64 = 1;
         }
 
-	if (pdesc.header.pih_magic != PIH_MAGIC)
+	if (pdesc->header.pih_magic != PIH_MAGIC)
 	{
 	    fprintf(stderr, "%s: magic mismatch\n", prefix);
 
-	    pdesc.header.pih_magic = 0;
 	    fclose(ifp);
 #ifdef HAVE_ZLIB_H
-		if (pdesc.flags & PFOR_USEZLIB)
+		if (pdesc->flags & PFOR_USEZLIB)
 			gzclose(dfp);
 		else
 #endif
@@ -239,17 +240,17 @@ PWOpen(prefix, mode)
 	    {
 		fclose(wfp);
 	    }
+	    free(pdesc);
 	    return NULL;
 	}
 
-        if (pdesc.header.pih_numwords < 1)
+        if (pdesc->header.pih_numwords < 1)
         {
             fprintf(stderr, "%s: invalid word count\n", prefix);
 
-            pdesc.header.pih_magic = 0;
             fclose(ifp);
 #ifdef HAVE_ZLIB_H
-			if (pdesc.flags & PFOR_USEZLIB)
+			if (pdesc->flags & PFOR_USEZLIB)
 				gzclose(dfp);
 			else
 #endif
@@ -258,17 +259,17 @@ PWOpen(prefix, mode)
 	    {
 		fclose(wfp);
 	    }
+	    free(pdesc);
             return NULL;
         }
 
-	if (pdesc.header.pih_blocklen != NUMWORDS)
+	if (pdesc->header.pih_blocklen != NUMWORDS)
 	{
 	    fprintf(stderr, "%s: size mismatch\n", prefix);
 
-	    pdesc.header.pih_magic = 0;
 	    fclose(ifp);
 #ifdef HAVE_ZLIB_H
-		if (pdesc.flags & PFOR_USEZLIB)
+		if (pdesc->flags & PFOR_USEZLIB)
 			gzclose(dfp);
 		else
 #endif
@@ -277,10 +278,11 @@ PWOpen(prefix, mode)
 	    {
 		fclose(wfp);
 	    }
+	    free(pdesc);
 	    return NULL;
 	}
 
-	if (pdesc.flags & PFOR_USEHWMS)
+	if (pdesc->flags & PFOR_USEHWMS)
 	{
             int i;
 
@@ -288,27 +290,27 @@ PWOpen(prefix, mode)
             {
                 if (fread(pdesc64.hwms, 1, sizeof(pdesc64.hwms), wfp) != sizeof(pdesc64.hwms))
                 {
-                    pdesc.flags &= ~PFOR_USEHWMS;
+                    pdesc->flags &= ~PFOR_USEHWMS;
                 }
-                for (i = 0; i < sizeof(pdesc.hwms) / sizeof(pdesc.hwms[0]); i++)
+                for (i = 0; i < sizeof(pdesc->hwms) / sizeof(pdesc->hwms[0]); i++)
                 {
-                    pdesc.hwms[i] = pdesc64.hwms[i];
+                    pdesc->hwms[i] = pdesc64.hwms[i];
                 }
-            }
-            else if (fread(pdesc.hwms, 1, sizeof(pdesc.hwms), wfp) != sizeof(pdesc.hwms))
+            } 
+            else if (fread(pdesc->hwms, 1, sizeof(pdesc->hwms), wfp) != sizeof(pdesc->hwms))
 	    {
-		pdesc.flags &= ~PFOR_USEHWMS;
+		pdesc->flags &= ~PFOR_USEHWMS;
 	    }
 #if DEBUG
             for (i=1; i<=0xff; i++)
             {
-                printf("hwm[%02x] = %d\n", i, pdesc.hwms[i]);
+                printf("hwm[%02x] = %d\n", i, pdesc->hwms[i]);
             }
 #endif
 	}
     }
 
-    return (&pdesc);
+    return (pdesc);
 }
 
 int
@@ -318,6 +320,7 @@ PWClose(pwp)
     if (pwp->header.pih_magic != PIH_MAGIC)
     {
 	fprintf(stderr, "PWClose: close magic mismatch\n");
+        /* we do not try to free memory that is probably corrupted */
 	return (-1);
     }
 
@@ -329,12 +332,14 @@ PWClose(pwp)
 	if (fseek(pwp->ifp, 0L, 0))
 	{
 	    fprintf(stderr, "index magic fseek failed\n");
+	    free(pwp);
 	    return (-1);
 	}
 
 	if (!fwrite((char *) &pwp->header, sizeof(pwp->header), 1, pwp->ifp))
 	{
 	    fprintf(stderr, "index magic fwrite failed\n");
+            free(pwp);
 	    return (-1);
 	}
 
@@ -368,6 +373,7 @@ PWClose(pwp)
     }
 
     pwp->header.pih_magic = 0;
+    free(pwp);
 
     return (0);
 }
diff -up cracklib-2.9.6/lib/rules.c.reentrant cracklib-2.9.6/lib/rules.c
--- cracklib-2.9.6/lib/rules.c.reentrant	2015-08-18 20:41:16.000000000 +0200
+++ cracklib-2.9.6/lib/rules.c	2015-10-22 18:17:20.339290998 +0200
@@ -82,12 +82,12 @@ Suffix(myword, suffix)
 }
 
 char *
-Reverse(str)			/* return a pointer to a reversal */
+Reverse(str, area)			/* return a pointer to a reversal */
     register char *str;
+    char *area;
 {
     register int i;
     register int j;
-    static char area[STRINGSIZE];
     j = i = strlen(str);
     while (*str)
     {
@@ -98,11 +98,11 @@ Reverse(str)			/* return a pointer to a
 }
 
 char *
-Uppercase(str)			/* return a pointer to an uppercase */
+Uppercase(str, area)			/* return a pointer to an uppercase */
     register char *str;
+    char *area;
 {
     register char *ptr;
-    static char area[STRINGSIZE];
     ptr = area;
     while (*str)
     {
@@ -115,11 +115,11 @@ Uppercase(str)			/* return a pointer to
 }
 
 char *
-Lowercase(str)			/* return a pointer to an lowercase */
+Lowercase(str, area)			/* return a pointer to an lowercase */
     register char *str;
+    char *area;
 {
     register char *ptr;
-    static char area[STRINGSIZE];
     ptr = area;
     while (*str)
     {
@@ -132,11 +132,11 @@ Lowercase(str)			/* return a pointer to
 }
 
 char *
-Capitalise(str)			/* return a pointer to an capitalised */
+Capitalise(str, area)			/* return a pointer to an capitalised */
     register char *str;
+    char *area;
 {
     register char *ptr;
-    static char area[STRINGSIZE];
     ptr = area;
 
     while (*str)
@@ -151,11 +151,11 @@ Capitalise(str)			/* return a pointer to
 }
 
 char *
-Pluralise(string)		/* returns a pointer to a plural */
+Pluralise(string, area)		/* returns a pointer to a plural */
     register char *string;
+    char *area;
 {
     register int length;
-    static char area[STRINGSIZE];
     length = strlen(string);
     strcpy(area, string);
 
@@ -192,13 +192,13 @@ Pluralise(string)		/* returns a pointer
 }
 
 char *
-Substitute(string, old, new)	/* returns pointer to a swapped about copy */
+Substitute(string, old, new, area)	/* returns pointer to a swapped about copy */
     register char *string;
     register char old;
     register char new;
+    char *area;
 {
     register char *ptr;
-    static char area[STRINGSIZE];
     ptr = area;
     while (*string)
     {
@@ -210,12 +210,12 @@ Substitute(string, old, new)	/* returns
 }
 
 char *
-Purge(string, target)		/* returns pointer to a purged copy */
+Purge(string, target, area)		/* returns pointer to a purged copy */
     register char *string;
     register char target;
+    char *area;
 {
     register char *ptr;
-    static char area[STRINGSIZE];
     ptr = area;
     while (*string)
     {
@@ -372,13 +372,13 @@ PolyStrchr(string, class)
 }
 
 char *
-PolySubst(string, class, new)	/* returns pointer to a swapped about copy */
+PolySubst(string, class, new, area)	/* returns pointer to a swapped about copy */
     register char *string;
     register char class;
     register char new;
+    char *area;
 {
     register char *ptr;
-    static char area[STRINGSIZE];
     ptr = area;
     while (*string)
     {
@@ -390,12 +390,12 @@ PolySubst(string, class, new)	/* returns
 }
 
 char *
-PolyPurge(string, class)	/* returns pointer to a purged copy */
+PolyPurge(string, class, area)	/* returns pointer to a purged copy */
     register char *string;
     register char class;
+    char *area;
 {
     register char *ptr;
-    static char area[STRINGSIZE];
     ptr = area;
     while (*string)
     {
@@ -428,40 +428,41 @@ Char2Int(character)
 }
 
 char *
-Mangle(input, control)		/* returns a pointer to a controlled Mangle */
+Mangle(input, control, area)		/* returns a pointer to a controlled Mangle */
     char *input;
     char *control;
+    char *area;
 {
     int limit;
     register char *ptr;
-    static char area[STRINGSIZE];
     char area2[STRINGSIZE];
     area[0] = '\0';
     strcpy(area, input);
 
     for (ptr = control; *ptr; ptr++)
     {
+	strcpy(area2, area);
 	switch (*ptr)
 	{
 	case RULE_NOOP:
 	    break;
 	case RULE_REVERSE:
-	    strcpy(area, Reverse(area));
+	    Reverse(area2, area);
 	    break;
 	case RULE_UPPERCASE:
-	    strcpy(area, Uppercase(area));
+	    Uppercase(area2, area);
 	    break;
 	case RULE_LOWERCASE:
-	    strcpy(area, Lowercase(area));
+	    Lowercase(area2, area);
 	    break;
 	case RULE_CAPITALISE:
-	    strcpy(area, Capitalise(area));
+	    Capitalise(area2, area);
 	    break;
 	case RULE_PLURALISE:
-	    strcpy(area, Pluralise(area));
+	    Pluralise(area2, area);
 	    break;
 	case RULE_REFLECT:
-	    strcat(area, Reverse(area));
+	    strcat(area, Reverse(area, area2));
 	    break;
 	case RULE_DUPLICATE:
 	    strcpy(area2, area);
@@ -548,7 +549,6 @@ Mangle(input, control)		/* returns a poi
 		    Debug(1, "Mangle: extract: weird argument in '%s'\n", control);
 		    return NULL;
 		}
-		strcpy(area2, area);
 		for (i = 0; length-- && area2[start + i]; i++)
 		{
 		    area[i] = area2[start + i];
@@ -619,10 +619,10 @@ Mangle(input, control)		/* returns a poi
 		return NULL;
 	    } else if (ptr[1] != RULE_CLASS)
 	    {
-		strcpy(area, Purge(area, *(++ptr)));
+		Purge(area2, *(++ptr), area);
 	    } else
 	    {
-		strcpy(area, PolyPurge(area, ptr[2]));
+		PolyPurge(area2, ptr[2], area);
 		ptr += 2;
 	    }
 	    break;
@@ -633,11 +633,11 @@ Mangle(input, control)		/* returns a poi
 		return NULL;
 	    } else if (ptr[1] != RULE_CLASS)
 	    {
-		strcpy(area, Substitute(area, ptr[1], ptr[2]));
+		Substitute(area2, ptr[1], ptr[2], area);
 		ptr += 2;
 	    } else
 	    {
-		strcpy(area, PolySubst(area, ptr[2], ptr[3]));
+		PolySubst(area2, ptr[2], ptr[3], area);
 		ptr += 3;
 	    }
 	    break;