fix crypt_r failure modes (#819650)

Resolves: rhbz#819650
2012-06-06 14:17:13 +01:00 · 2012-06-06 14:17:13 +01:00 · 8c653cd038
commit 8c653cd038
parent e11ba41eb1
2 changed files with 44 additions and 1 deletions
--- a/apr-util-1.4.1-r1346875.patch
+++ b/apr-util-1.4.1-r1346875.patch
@ -0,0 +1,38 @@
+
+https://bugzilla.redhat.com/show_bug.cgi?id=819650
+
+http://svn.apache.org/viewvc?view=revision&revision=1346875
+
+--- apr-util-1.4.1/crypto/apr_md5.c.r1346875
+++ apr-util-1.4.1/crypto/apr_md5.c
+@@ -721,6 +721,9 @@ APU_DECLARE(apr_status_t) apr_password_v
+         CRYPTD buffer;
+ 
+         crypt_pw = crypt_r(passwd, hash, &buffer);
+        if (!crypt_pw) {
+            return APR_EMISMATCH;
+        }
+         apr_cpystrn(sample, crypt_pw, sizeof(sample) - 1);
+ #elif defined(CRYPT_R_STRUCT_CRYPT_DATA)
+         struct crypt_data buffer;
+@@ -732,6 +735,9 @@ APU_DECLARE(apr_status_t) apr_password_v
+          */
+         memset(&buffer, 0, sizeof(buffer));
+         crypt_pw = crypt_r(passwd, hash, &buffer);
+        if (!crypt_pw) {
+            return APR_EMISMATCH;
+        }
+         apr_cpystrn(sample, crypt_pw, sizeof(sample) - 1);
+ #else
+         /* Do a bit of sanity checking since we know that crypt_r()
+@@ -748,6 +754,10 @@ APU_DECLARE(apr_status_t) apr_password_v
+          */
+         crypt_mutex_lock();
+         crypt_pw = crypt(passwd, hash);
+        if (!crypt_pw) {
+            crypt_mutex_unlock();
+            return APR_EMISMATCH;
+        }
+         apr_cpystrn(sample, crypt_pw, sizeof(sample) - 1);
+         crypt_mutex_unlock();
+ #endif
--- a/apr-util.spec
+++ b/apr-util.spec
@ -10,13 +10,14 @@
 Summary: Apache Portable Runtime Utility library
 Name: apr-util
 Version: 1.4.1
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: ASL 2.0
 Group: System Environment/Libraries
 URL: http://apr.apache.org/
 Source0: http://www.apache.org/dist/apr/%{name}-%{version}.tar.bz2
 Patch1: apr-util-1.2.7-pkgconf.patch
 Patch2: apr-util-1.3.7-nodbmdso.patch
+Patch3: apr-util-1.4.1-r1346875.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
 BuildRequires: autoconf, apr-devel >= 1.3.0
 BuildRequires: %{dbdep}, expat-devel, libuuid-devel
@ -120,6 +121,7 @@ This package provides the NSS crypto support for the apr-util.
 %setup -q
 %patch1 -p1 -b .pkgconf
 %patch2 -p1 -b .nodbmdso
+%patch3 -p1 -b .r1346875

 %build
 autoheader && autoconf
@ -224,6 +226,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/*.m4

 %changelog
+* Wed Jun  6 2012 Joe Orton <jorton@redhat.com> - 1.4.1-4
+- fix crypt_r failure modes (#819650)
+
 * Tue Apr 24 2012 Joe Orton <jorton@redhat.com> - 1.4.1-3
 - apply _isa to deps