From e7111ebd28a074a8f6bcb5c06e3a30816c0a0cd2 Mon Sep 17 00:00:00 2001
From: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Date: Tue, 4 Dec 2012 13:04:25 +0100
Subject: password: fixed underflow on <backspace>

due to missing/misplaced boundary check, deleting characters could
underflow the password buffer.

Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
 common/password.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

(limited to 'common')

diff --git a/common/password.c b/common/password.c
index a03e1dbff7..d157a11b7b 100644
--- a/common/password.c
+++ b/common/password.c
@@ -66,11 +66,14 @@ int password(unsigned char *passwd, size_t length, int flags, int timeout)
 			case CTL_CH('h'):
 			case KEY_DEL7:
 			case KEY_DEL:
-				if (flags & STAR && pos > 0)
-					puts("\b \b");
-				*buf = '\0';
-				buf--;
-				pos--;
+				if (pos > 0) {
+					if (flags & STAR)
+						puts("\b \b");
+
+					*buf = '\0';
+					buf--;
+					pos--;
+				}
 				continue;
 			default:
 				if (pos < length - 1) {
-- 
cgit v1.2.3