Package: apg
Version: 2.2.3.dfsg.1-2
Passing a dictionary file containing a line starting with whitespace
will result in an invalid free() and a crash.
$ echo "Test" > apgtestdict
$ /usr/lib/apg/apg -r apgtestdict
yicMumJo
ectOccac
kaijBit,
jubaphum[
veninkadom
RhadEytQua
$ echo " Test" > apgtestdict
$ /usr/lib/apg/apg -r apgtestdict
*** Error in `/usr/lib/apg/apg': free(): invalid pointer: 0x0000000000828171 ***
Aborted
It's at restrict.c:70.
They do a single strtok (without a loop), presumably as a way to strip
whitespace, then reassign the pointer to the start of the line to the
start of the string in question. If there is any whitespace the pointer
will have moved and the free() will fail.
The attached patch fixes the bug:
73,75c73
< if( tmp != NULL)
< string = tmp;
< else
---
> if( tmp == NULL)
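Review bot: the statement that followed the old `else` (old line 76, not shown in this hunk) now becomes the body of `if( tmp == NULL)`, so the hunk only reads correctly if that statement skips the current line (a `continue;` or equivalent); please regenerate the patch with `diff -u` and a file header so that line is visible as context and the patch applies with `patch -p0`. The change itself is the right fix: `string` is never reassigned, so the later `free(string)` always receives the pointer that was malloc'd rather than one advanced past the leading whitespace.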
77,78c75,76
< if(strlen(string) != strlen(pass)) continue;
< else if (strncmp(string, pass, strlen(pass)) == 0)
---
> if(strlen(tmp) != strlen(pass)) continue;
> else if (strncmp(tmp, pass, strlen(pass)) == 0)
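Review bot: with `strlen(tmp) != strlen(pass)` rejected on the line above, `strncmp(tmp, pass, strlen(pass)) == 0` is equivalent to `strcmp(tmp, pass) == 0` and could be simplified; it is still correct as written. Note that the single strtok keeps only the first whitespace-delimited word of each line, so a line such as `foo bar` never matches `bar`; that is unchanged behaviour, but worth a comment next to the strtok call.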
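The pointer shift the report describes, as an added C example (not apg's restrict.c and not the reporter's patch): leading_ws_offset() shows how far strtok() moves the token start for a given line, which is the distance by which the old code's free() missed the allocation, and pass_in_dict() mirrors the patched logic, comparing against the token while freeing only the original buffer. The dictionary text and the function names are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L   /* strdup(), strtok_r() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* How far strtok() moves the token start for one dictionary line.
 * A non-zero result is exactly the case that made apg free() an interior
 * pointer: only the buffer returned by malloc() may be passed to free(). */
size_t leading_ws_offset(const char *line)
{
    char *buf = strdup(line);            /* heap copy, like a malloc'd line buffer */
    if (buf == NULL) return 0;
    char *tok = strtok(buf, " \t\n");    /* single strtok call, no loop */
    size_t off = (tok == NULL) ? 0 : (size_t)(tok - buf);
    free(buf);                           /* always the original pointer, never tok */
    return off;
}

/* Returns 1 if `pass` equals the first whitespace-delimited word of any
 * line in `dict` (a newline-separated blob standing in for the -r file),
 * 0 if not, -1 on allocation failure. Mirrors the patched restrict.c flow:
 * the token pointer is used for the comparison, the allocation pointer is
 * the only thing ever freed. Whitespace-only lines are skipped. */
int pass_in_dict(const char *dict, const char *pass)
{
    char *copy = strdup(dict);
    if (copy == NULL) return -1;
    int found = 0;
    char *save = NULL;
    for (char *line = strtok_r(copy, "\n", &save); line != NULL;
         line = strtok_r(NULL, "\n", &save)) {
        char *tmp = strtok(line, " \t");         /* first word, leading whitespace skipped */
        if (tmp == NULL) continue;               /* blank or whitespace-only line */
        if (strlen(tmp) != strlen(pass)) continue;
        if (strncmp(tmp, pass, strlen(pass)) == 0) { found = 1; break; }
    }
    free(copy);                                  /* copy, not line or tmp */
    return found;
}

int main(void)
{
    /* constructed sample dictionary, not a real apg word list */
    const char *dict = "Test\n Test2\n   \nfoo bar\n";
    printf("offset for \" Test2\": %zu\n", leading_ws_offset(" Test2"));
    printf("Test: %d  Test2: %d  bar: %d\n",
           pass_in_dict(dict, "Test"), pass_in_dict(dict, "Test2"),
           pass_in_dict(dict, "bar"));
    return 0;
}
```

Running the binary under a build with `-fsanitize=address` gives the same verdict as glibc's "free(): invalid pointer" check if free() is ever pointed at the token instead of the buffer.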