pam_cifscreds: fix warning on NULL arg passed to %s in pam_syslog()

Resolves: RHEL-28050 Signed-off-by: Paulo Alcantara <paalcant@redhat.com>
2024-04-12 18:33:02 -03:00 · 2024-04-12 18:33:02 -03:00 · c4e33cca26
commit c4e33cca26
parent f5c9edcc8f
2 changed files with 47 additions and 1 deletions
--- a/cifs-utils.spec
+++ b/cifs-utils.spec
@ -3,7 +3,7 @@

 Name:            cifs-utils
 Version:         7.0
-Release:         2%{pre_release}%{?dist}
+Release:         3%{pre_release}%{?dist}
 Summary:         Utilities for mounting and managing CIFS mounts

 License:         GPLv3
@ -22,6 +22,7 @@ Recommends: %{name}-info%{?_isa} = %{version}-%{release}

 Source0:         https://download.samba.org/pub/linux-cifs/cifs-utils/%{name}-%{version}.tar.bz2
 Patch0:          cifs.upcall-fix-UAF-in-get_cachename_from_process_en.patch
+Patch1:          pam_cifscreds-fix-warning-on-NULL-arg-passed-to-s-in.patch

 %description
 The SMB/CIFS protocol is a standard file sharing protocol widely deployed
@ -55,6 +56,7 @@ provide these credentials to the kernel automatically at login.
 %prep
 %setup -q -n %{name}-%{version}%{pre_release}
 %patch0 -p1
+%patch1 -p1

 %build
 fgrep -r -l '/usr/bin/env python' | xargs -n1 sed -i 's@/usr/bin/env python.*@%python3@g'
@ -126,6 +128,10 @@ about CIFS mount.
 %{_mandir}/man1/smbinfo.*

 %changelog
+* Fri Apr 12 2024 Paulo Alcantara <paalcant@redhat.com> - 7.0-3
+- pam_cifscreds: fix NULL arg warning passed to pam_syslog()
+- Resolves: RHEL-28050
+
 * Fri Apr 12 2024 Paulo Alcantara <paalcant@redhat.com> - 7.0-2
 - cifs.upcall: fix UAF in get_cachename_from_process_env()
 - Resolves: RHEL-28047
--- a/pam_cifscreds-fix-warning-on-NULL-arg-passed-to-s-in.patch
+++ b/pam_cifscreds-fix-warning-on-NULL-arg-passed-to-s-in.patch
@ -0,0 +1,40 @@
+From dac330136368a9b8d9ccf8227f56ea35de57a4d2 Mon Sep 17 00:00:00 2001
+From: Paulo Alcantara <pc@manguebit.com>
+Date: Fri, 8 Mar 2024 13:25:22 -0300
+Subject: [PATCH] pam_cifscreds: fix warning on NULL arg passed to %s in
+ pam_syslog()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix the following compiler warning with -Wformat-overflow in
+cifscreds_pam_update():
+
+  pam_cifscreds.c: In function ‘cifscreds_pam_update’:
+  pam_cifscreds.c:340:83: warning: ‘%s’ directive argument is null
+  [-Wformat-overflow=]
+    340 | pam_syslog(ph, LOG_ERR, "error: Update credential key for %s: %s",
+        |                                                           ^~
+
+Fixes: cbbcd6e71c0a ("cifscreds: create PAM module to insert credentials at login")
+Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
+---
+ pam_cifscreds.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/pam_cifscreds.c b/pam_cifscreds.c
+index 5d99c2db3038..eb9851d52a7d 100644
+--- a/pam_cifscreds.c
+++ b/pam_cifscreds.c
+@@ -338,7 +338,7 @@ static int cifscreds_pam_update(pam_handle_t *ph, const char *user, const char *
+ 		key_serial_t key = key_add(currentaddress, user, password, keytype);
+ 		if (key <= 0) {
+ 			pam_syslog(ph, LOG_ERR, "error: Update credential key for %s: %s",
+-				currentaddress, strerror(errno));
+				   (currentaddress ?: "(null)"), strerror(errno));
+ 		}
+ 	}
+ 
+-- 
+2.44.0
+