Coverity: dereference in pam_ssh_agent_auth

Upstream: https://sourceforge.net/p/pamsshagentauth/bugs/22/
2016-06-03 09:49:20 +02:00 · 2016-06-03 09:49:20 +02:00 · ea9421342e
commit ea9421342e
parent d78d347c11
2 changed files with 27 additions and 0 deletions
--- a/openssh.spec
+++ b/openssh.spec
@ -121,6 +121,9 @@ Patch302: pam_ssh_agent_auth-0.9.2-visibility.patch
 Patch305: pam_ssh_agent_auth-0.9.3-agent_structure.patch
 # remove prefixes to be able to build against current openssh library
 Patch306: pam_ssh_agent_auth-0.10.2-compat.patch
+# Fix NULL dereference from getpwuid() return value
+# https://sourceforge.net/p/pamsshagentauth/bugs/22/
+Patch307: pam_ssh_agent_auth-0.10.2-dereference.patch

 #https://bugzilla.mindrot.org/show_bug.cgi?id=1641 (WONTFIX)
 Patch400: openssh-6.6p1-role-mls.patch
@ -411,6 +414,7 @@ pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
 %patch302 -p2 -b .psaa-visibility
 %patch306 -p2 -b .psaa-compat
 %patch305 -p2 -b .psaa-agent
+%patch307 -p2 -b .psaa-deref
 # Remove duplicate headers and library files
 rm -f $(cat %{SOURCE5})
 popd
--- a/pam_ssh_agent_auth-0.10.2-dereference.patch
+++ b/pam_ssh_agent_auth-0.10.2-dereference.patch
@ -0,0 +1,23 @@
+
+--- openssh-6.6p1/pam_ssh_agent_auth-0.9.3/pam_user_authorized_keys.c.psaa-command	2016-04-20 09:31:32.164686370 +0200
+++ openssh-6.6p1/pam_ssh_agent_auth-0.9.3/pam_user_authorized_keys.c	2016-04-20 09:35:49.778344576 +0200
+@@ -145,11 +145,14 @@
+ int
+ pam_user_key_allowed(const char *ruser, Key * key)
+ {
+-    return
+-        pamsshagentauth_user_key_allowed2(getpwuid(authorized_keys_file_allowed_owner_uid),
+-                                          key, authorized_keys_file)
+-        || pamsshagentauth_user_key_allowed2(getpwuid(0), key,
+-                                             authorized_keys_file)
+    struct passwd *file_pw, *root_pw;
+    file_pw = getpwuid(authorized_keys_file_allowed_owner_uid);
+    root_pw = getpwuid(0);
+    return
+        (file_pw != NULL &&
+            pamsshagentauth_user_key_allowed2(file_pw, key, authorized_keys_file))
+        || (root_pw != NULL &&
+            pamsshagentauth_user_key_allowed2(root_pw, key, authorized_keys_file))
+         || pamsshagentauth_user_key_command_allowed2(authorized_keys_command,
+                                                      authorized_keys_command_user,
+                                                      getpwnam(ruser), key);