diff -up cracklib-2.9.0/lib/fascist.c.reentrant cracklib-2.9.0/lib/fascist.c --- cracklib-2.9.0/lib/fascist.c.reentrant 2013-06-01 16:52:33.000000000 +0200 +++ cracklib-2.9.0/lib/fascist.c 2013-08-21 15:31:18.700090735 +0200 @@ -36,8 +36,8 @@ typedef unsigned short uint16_t; #undef DEBUG #undef DEBUG2 -extern char *Reverse(char *buf); -extern char *Lowercase(char *buf); +extern char *Reverse(char *buf, char *area); +extern char *Lowercase(char *buf, char *area); static char *r_destructors[] = { ":", /* noop - must do this to test raw word. */ @@ -439,6 +439,8 @@ GTry(rawtext, password) int i; int len; char *mp; + char area[STRINGSIZE]; + char revarea[STRINGSIZE]; /* use destructors to turn password into rawtext */ /* note use of Reverse() to save duplicating all rules */ @@ -447,7 +449,7 @@ GTry(rawtext, password) for (i = 0; r_destructors[i]; i++) { - if (!(mp = Mangle(password, r_destructors[i]))) + if (!(mp = Mangle(password, r_destructors[i], area))) { continue; } @@ -462,10 +464,10 @@ GTry(rawtext, password) } #ifdef DEBUG - printf("%-16s = %-16s (destruct %s reversed)\n", Reverse(mp), rawtext, r_destructors[i]); + printf("%-16s = %-16s (destruct %s reversed)\n", Reverse(mp, revarea), rawtext, r_destructors[i]); #endif - if (!strncmp(Reverse(mp), rawtext, len)) + if (!strncmp(Reverse(mp, revarea), rawtext, len)) { return (1); } @@ -473,7 +475,7 @@ GTry(rawtext, password) for (i = 0; r_constructors[i]; i++) { - if (!(mp = Mangle(rawtext, r_constructors[i]))) + if (!(mp = Mangle(rawtext, r_constructors[i], area))) { continue; } @@ -520,7 +522,7 @@ FascistGecosUser(char *password, const c strncpy(tbuffer, gecos, STRINGSIZE); tbuffer[STRINGSIZE-1] = '\0'; - strcpy(gbuffer, Lowercase(tbuffer)); + Lowercase(tbuffer, gbuffer); wc = 0; ptr = gbuffer; @@ -695,6 +697,7 @@ FascistLookUser(PWDICT *pwp, char *instr char junk[STRINGSIZE]; char *password; char rpassword[STRINGSIZE]; + char area[STRINGSIZE]; uint32_t notfound; notfound = PW_WORDS(pwp); @@ -731,7 +734,7 @@ FascistLookUser(PWDICT *pwp, char *instr return _("it does not contain enough DIFFERENT characters"); } - strcpy(password, (char *)Lowercase(password)); + strcpy(password, (char *)Lowercase(password, area)); Trim(password); @@ -787,7 +790,7 @@ FascistLookUser(PWDICT *pwp, char *instr { char *a; - if (!(a = Mangle(password, r_destructors[i]))) + if (!(a = Mangle(password, r_destructors[i], area))) { continue; } @@ -802,13 +805,13 @@ FascistLookUser(PWDICT *pwp, char *instr } } - strcpy(password, (char *)Reverse(password)); + strcpy(password, (char *)Reverse(password, area)); for (i = 0; r_destructors[i]; i++) { char *a; - if (!(a = Mangle(password, r_destructors[i]))) + if (!(a = Mangle(password, r_destructors[i], area))) { continue; } diff -up cracklib-2.9.0/lib/packer.h.in.reentrant cracklib-2.9.0/lib/packer.h.in --- cracklib-2.9.0/lib/packer.h.in.reentrant 2013-08-21 15:29:24.245641356 +0200 +++ cracklib-2.9.0/lib/packer.h.in 2013-08-21 15:29:24.247641399 +0200 @@ -86,7 +86,7 @@ extern int PWClose(PWDICT *pwp); extern unsigned int FindPW(PWDICT *pwp, char *string); extern int PutPW(PWDICT *pwp, char *string); extern int PMatch(char *control, char *string); -extern char *Mangle(char *input, char *control); +extern char *Mangle(char *input, char *control, char *area); extern char Chop(char *string); extern char *Trim(char *string); extern char *FascistLook(PWDICT *pwp, char *instring); diff -up cracklib-2.9.0/lib/packlib.c.reentrant cracklib-2.9.0/lib/packlib.c --- cracklib-2.9.0/lib/packlib.c.reentrant 2013-08-21 15:29:24.245641356 +0200 +++ cracklib-2.9.0/lib/packlib.c 2013-08-21 15:29:24.247641399 +0200 @@ -67,8 +67,8 @@ PWOpen(prefix, mode) char *mode; { int use64 = 0; - static PWDICT pdesc; - static PWDICT64 pdesc64; + PWDICT *pdesc; + PWDICT64 pdesc64; char iname[STRINGSIZE]; char dname[STRINGSIZE]; char wname[STRINGSIZE]; @@ -76,15 +76,13 @@ PWOpen(prefix, mode) FILE *ifp; FILE *wfp; - if (pdesc.header.pih_magic == PIH_MAGIC) - { - fprintf(stderr, "%s: another dictionary already open\n", prefix); - return ((PWDICT *) 0); - } + pdesc = malloc(sizeof(*pdesc)); + if (pdesc == NULL) + return NULL; - memset(&pdesc, '\0', sizeof(pdesc)); + memset(pdesc, '\0', sizeof(*pdesc)); memset(&pdesc64, '\0', sizeof(pdesc64)); - pdesc.prevblock = 0xffffffff; + pdesc->prevblock = 0xffffffff; snprintf(iname, STRINGSIZE, "%s.pwi", prefix); snprintf(dname, STRINGSIZE, "%s.pwd", prefix); @@ -92,77 +90,80 @@ PWOpen(prefix, mode) if (mode[0] == 'r') { - pdesc.flags &= ~PFOR_USEZLIB; + pdesc->flags &= ~PFOR_USEZLIB; /* first try the normal db file */ - if (!(pdesc.dfp = fopen(dname, mode))) + if (!(pdesc->dfp = fopen(dname, mode))) { #ifdef HAVE_ZLIB_H - pdesc.flags |= PFOR_USEZLIB; + pdesc->flags |= PFOR_USEZLIB; /* try extension .gz */ snprintf(dname, STRINGSIZE, "%s.pwd.gz", prefix); - if (!(pdesc.dfp = gzopen(dname, mode))) + if (!(pdesc->dfp = gzopen(dname, mode))) { perror(dname); + free(pdesc); return ((PWDICT *) 0); } #else perror(dname); + free(pdesc); return ((PWDICT *) 0); #endif } } else { - pdesc.flags &= ~PFOR_USEZLIB; + pdesc->flags &= ~PFOR_USEZLIB; /* write mode: use fopen */ - if (!(pdesc.dfp = fopen(dname, mode))) + if (!(pdesc->dfp = fopen(dname, mode))) { perror(dname); + free(pdesc); return ((PWDICT *) 0); } } - if (!(pdesc.ifp = fopen(iname, mode))) + if (!(pdesc->ifp = fopen(iname, mode))) { #ifdef HAVE_ZLIB_H - if(pdesc.flags & PFOR_USEZLIB) - gzclose(pdesc.dfp); + if(pdesc->flags & PFOR_USEZLIB) + gzclose(pdesc->dfp); else #endif - fclose(pdesc.dfp); + fclose(pdesc->dfp); perror(iname); + free(pdesc); return ((PWDICT *) 0); } - if ((pdesc.wfp = fopen(wname, mode))) + if ((pdesc->wfp = fopen(wname, mode))) { - pdesc.flags |= PFOR_USEHWMS; + pdesc->flags |= PFOR_USEHWMS; } - ifp = pdesc.ifp; - dfp = pdesc.dfp; - wfp = pdesc.wfp; + ifp = pdesc->ifp; + dfp = pdesc->dfp; + wfp = pdesc->wfp; if (mode[0] == 'w') { - pdesc.flags |= PFOR_WRITE; - pdesc.header.pih_magic = PIH_MAGIC; - pdesc.header.pih_blocklen = NUMWORDS; - pdesc.header.pih_numwords = 0; + pdesc->flags |= PFOR_WRITE; + pdesc->header.pih_magic = PIH_MAGIC; + pdesc->header.pih_blocklen = NUMWORDS; + pdesc->header.pih_numwords = 0; - fwrite((char *) &pdesc.header, sizeof(pdesc.header), 1, ifp); + fwrite((char *) &pdesc->header, sizeof(pdesc->header), 1, ifp); } else { - pdesc.flags &= ~PFOR_WRITE; + pdesc->flags &= ~PFOR_WRITE; - if (!fread((char *) &pdesc.header, sizeof(pdesc.header), 1, ifp)) + if (!fread((char *) &pdesc->header, sizeof(pdesc->header), 1, ifp)) { fprintf(stderr, "%s: error reading header\n", prefix); - pdesc.header.pih_magic = 0; fclose(ifp); #ifdef HAVE_ZLIB_H - if(pdesc.flags & PFOR_USEZLIB) + if(pdesc->flags & PFOR_USEZLIB) gzclose(dfp); else #endif @@ -171,21 +172,21 @@ PWOpen(prefix, mode) { fclose(wfp); } + free(pdesc); return ((PWDICT *) 0); } - if ((pdesc.header.pih_magic == 0) || (pdesc.header.pih_numwords == 0)) + if ((pdesc->header.pih_magic == 0) || (pdesc->header.pih_numwords == 0)) { /* uh-oh. either a broken "64-bit" file or a garbage file. */ rewind (ifp); if (!fread((char *) &pdesc64.header, sizeof(pdesc64.header), 1, ifp)) { fprintf(stderr, "%s: error reading header\n", prefix); - - pdesc.header.pih_magic = 0; + fclose(ifp); #ifdef HAVE_ZLIB_H - if(pdesc.flags & PFOR_USEZLIB) + if(pdesc->flags & PFOR_USEZLIB) gzclose(dfp); else #endif @@ -194,17 +195,17 @@ PWOpen(prefix, mode) { fclose(wfp); } + free(pdesc); return ((PWDICT *) 0); } if (pdesc64.header.pih_magic != PIH_MAGIC) { /* nope, not "64-bit" after all */ fprintf(stderr, "%s: error reading header\n", prefix); - - pdesc.header.pih_magic = 0; + fclose(ifp); #ifdef HAVE_ZLIB_H - if(pdesc.flags & PFOR_USEZLIB) + if(pdesc->flags & PFOR_USEZLIB) gzclose(dfp); else #endif @@ -214,23 +215,23 @@ PWOpen(prefix, mode) { fclose(wfp); } + free(pdesc); return ((PWDICT *) 0); } - pdesc.header.pih_magic = pdesc64.header.pih_magic; - pdesc.header.pih_numwords = pdesc64.header.pih_numwords; - pdesc.header.pih_blocklen = pdesc64.header.pih_blocklen; - pdesc.header.pih_pad = pdesc64.header.pih_pad; + pdesc->header.pih_magic = pdesc64.header.pih_magic; + pdesc->header.pih_numwords = pdesc64.header.pih_numwords; + pdesc->header.pih_blocklen = pdesc64.header.pih_blocklen; + pdesc->header.pih_pad = pdesc64.header.pih_pad; use64 = 1; } - if (pdesc.header.pih_magic != PIH_MAGIC) + if (pdesc->header.pih_magic != PIH_MAGIC) { fprintf(stderr, "%s: magic mismatch\n", prefix); - pdesc.header.pih_magic = 0; fclose(ifp); #ifdef HAVE_ZLIB_H - if(pdesc.flags & PFOR_USEZLIB) + if(pdesc->flags & PFOR_USEZLIB) gzclose(dfp); else #endif @@ -240,17 +241,17 @@ PWOpen(prefix, mode) { fclose(wfp); } + free(pdesc); return ((PWDICT *) 0); } - if (pdesc.header.pih_numwords < 1) + if (pdesc->header.pih_numwords < 1) { fprintf(stderr, "%s: invalid word count\n", prefix); - pdesc.header.pih_magic = 0; fclose(ifp); #ifdef HAVE_ZLIB_H - if(pdesc.flags & PFOR_USEZLIB) + if(pdesc->flags & PFOR_USEZLIB) gzclose(dfp); else #endif @@ -259,17 +260,17 @@ PWOpen(prefix, mode) { fclose(wfp); } + free(pdesc); return ((PWDICT *) 0); } - if (pdesc.header.pih_blocklen != NUMWORDS) + if (pdesc->header.pih_blocklen != NUMWORDS) { fprintf(stderr, "%s: size mismatch\n", prefix); - pdesc.header.pih_magic = 0; fclose(ifp); #ifdef HAVE_ZLIB_H - if(pdesc.flags & PFOR_USEZLIB) + if(pdesc->flags & PFOR_USEZLIB) gzclose(dfp); else #endif @@ -278,10 +279,11 @@ PWOpen(prefix, mode) { fclose(wfp); } + free(pdesc); return ((PWDICT *) 0); } - if (pdesc.flags & PFOR_USEHWMS) + if (pdesc->flags & PFOR_USEHWMS) { int i; @@ -289,27 +291,27 @@ PWOpen(prefix, mode) { if (fread(pdesc64.hwms, 1, sizeof(pdesc64.hwms), wfp) != sizeof(pdesc64.hwms)) { - pdesc.flags &= ~PFOR_USEHWMS; + pdesc->flags &= ~PFOR_USEHWMS; } - for (i = 0; i < sizeof(pdesc.hwms) / sizeof(pdesc.hwms[0]); i++) + for (i = 0; i < sizeof(pdesc->hwms) / sizeof(pdesc->hwms[0]); i++) { - pdesc.hwms[i] = pdesc64.hwms[i]; + pdesc->hwms[i] = pdesc64.hwms[i]; } } - else if (fread(pdesc.hwms, 1, sizeof(pdesc.hwms), wfp) != sizeof(pdesc.hwms)) + else if (fread(pdesc->hwms, 1, sizeof(pdesc->hwms), wfp) != sizeof(pdesc->hwms)) { - pdesc.flags &= ~PFOR_USEHWMS; + pdesc->flags &= ~PFOR_USEHWMS; } #if DEBUG for (i=1; i<=0xff; i++) { - printf("hwm[%02x] = %d\n", i, pdesc.hwms[i]); + printf("hwm[%02x] = %d\n", i, pdesc->hwms[i]); } #endif } } - return (&pdesc); + return (pdesc); } int @@ -319,6 +321,7 @@ PWClose(pwp) if (pwp->header.pih_magic != PIH_MAGIC) { fprintf(stderr, "PWClose: close magic mismatch\n"); + /* we do not try to free memory that is probably corrupted */ return (-1); } @@ -330,12 +333,14 @@ PWClose(pwp) if (fseek(pwp->ifp, 0L, 0)) { fprintf(stderr, "index magic fseek failed\n"); + free(pwp); return (-1); } if (!fwrite((char *) &pwp->header, sizeof(pwp->header), 1, pwp->ifp)) { fprintf(stderr, "index magic fwrite failed\n"); + free(pwp); return (-1); } @@ -369,6 +374,7 @@ PWClose(pwp) } pwp->header.pih_magic = 0; + free(pwp); return (0); } diff -up cracklib-2.9.0/lib/rules.c.reentrant cracklib-2.9.0/lib/rules.c --- cracklib-2.9.0/lib/rules.c.reentrant 2013-06-01 16:47:13.000000000 +0200 +++ cracklib-2.9.0/lib/rules.c 2013-08-21 15:29:24.247641399 +0200 @@ -82,12 +82,12 @@ Suffix(myword, suffix) } char * -Reverse(str) /* return a pointer to a reversal */ +Reverse(str, area) /* return a pointer to a reversal */ register char *str; + char *area; { register int i; register int j; - static char area[STRINGSIZE]; j = i = strlen(str); while (*str) { @@ -98,11 +98,11 @@ Reverse(str) /* return a pointer to a } char * -Uppercase(str) /* return a pointer to an uppercase */ +Uppercase(str, area) /* return a pointer to an uppercase */ register char *str; + char *area; { register char *ptr; - static char area[STRINGSIZE]; ptr = area; while (*str) { @@ -115,11 +115,11 @@ Uppercase(str) /* return a pointer to } char * -Lowercase(str) /* return a pointer to an lowercase */ +Lowercase(str, area) /* return a pointer to an lowercase */ register char *str; + char *area; { register char *ptr; - static char area[STRINGSIZE]; ptr = area; while (*str) { @@ -132,11 +132,11 @@ Lowercase(str) /* return a pointer to } char * -Capitalise(str) /* return a pointer to an capitalised */ +Capitalise(str, area) /* return a pointer to an capitalised */ register char *str; + char *area; { register char *ptr; - static char area[STRINGSIZE]; ptr = area; while (*str) @@ -151,11 +151,11 @@ Capitalise(str) /* return a pointer to } char * -Pluralise(string) /* returns a pointer to a plural */ +Pluralise(string, area) /* returns a pointer to a plural */ register char *string; + char *area; { register int length; - static char area[STRINGSIZE]; length = strlen(string); strcpy(area, string); @@ -192,13 +192,13 @@ Pluralise(string) /* returns a pointer } char * -Substitute(string, old, new) /* returns pointer to a swapped about copy */ +Substitute(string, old, new, area) /* returns pointer to a swapped about copy */ register char *string; register char old; register char new; + char *area; { register char *ptr; - static char area[STRINGSIZE]; ptr = area; while (*string) { @@ -210,12 +210,12 @@ Substitute(string, old, new) /* returns } char * -Purge(string, target) /* returns pointer to a purged copy */ +Purge(string, target, area) /* returns pointer to a purged copy */ register char *string; register char target; + char *area; { register char *ptr; - static char area[STRINGSIZE]; ptr = area; while (*string) { @@ -372,13 +372,13 @@ PolyStrchr(string, class) } char * -PolySubst(string, class, new) /* returns pointer to a swapped about copy */ +PolySubst(string, class, new, area) /* returns pointer to a swapped about copy */ register char *string; register char class; register char new; + char *area; { register char *ptr; - static char area[STRINGSIZE]; ptr = area; while (*string) { @@ -390,12 +390,12 @@ PolySubst(string, class, new) /* returns } char * -PolyPurge(string, class) /* returns pointer to a purged copy */ +PolyPurge(string, class, area) /* returns pointer to a purged copy */ register char *string; register char class; + char *area; { register char *ptr; - static char area[STRINGSIZE]; ptr = area; while (*string) { @@ -428,40 +428,41 @@ Char2Int(character) } char * -Mangle(input, control) /* returns a pointer to a controlled Mangle */ +Mangle(input, control, area) /* returns a pointer to a controlled Mangle */ char *input; char *control; + char *area; { int limit; register char *ptr; - static char area[STRINGSIZE]; char area2[STRINGSIZE]; area[0] = '\0'; strcpy(area, input); for (ptr = control; *ptr; ptr++) { + strcpy(area2, area); switch (*ptr) { case RULE_NOOP: break; case RULE_REVERSE: - strcpy(area, Reverse(area)); + Reverse(area2, area); break; case RULE_UPPERCASE: - strcpy(area, Uppercase(area)); + Uppercase(area2, area); break; case RULE_LOWERCASE: - strcpy(area, Lowercase(area)); + Lowercase(area2, area); break; case RULE_CAPITALISE: - strcpy(area, Capitalise(area)); + Capitalise(area2, area); break; case RULE_PLURALISE: - strcpy(area, Pluralise(area)); + Pluralise(area2, area); break; case RULE_REFLECT: - strcat(area, Reverse(area)); + strcat(area, Reverse(area, area2)); break; case RULE_DUPLICATE: strcpy(area2, area); @@ -548,7 +549,6 @@ Mangle(input, control) /* returns a poi Debug(1, "Mangle: extract: weird argument in '%s'\n", control); return ((char *) 0); } - strcpy(area2, area); for (i = 0; length-- && area2[start + i]; i++) { area[i] = area2[start + i]; @@ -619,10 +619,10 @@ Mangle(input, control) /* returns a poi return ((char *) 0); } else if (ptr[1] != RULE_CLASS) { - strcpy(area, Purge(area, *(++ptr))); + Purge(area2, *(++ptr), area); } else { - strcpy(area, PolyPurge(area, ptr[2])); + PolyPurge(area2, ptr[2], area); ptr += 2; } break; @@ -633,11 +633,11 @@ Mangle(input, control) /* returns a poi return ((char *) 0); } else if (ptr[1] != RULE_CLASS) { - strcpy(area, Substitute(area, ptr[1], ptr[2])); + Substitute(area2, ptr[1], ptr[2], area); ptr += 2; } else { - strcpy(area, PolySubst(area, ptr[2], ptr[3])); + PolySubst(area2, ptr[2], ptr[3], area); ptr += 3; } break;