diff --git a/openssh.spec b/openssh.spec index 1321581..439906e 100644 --- a/openssh.spec +++ b/openssh.spec @@ -121,6 +121,9 @@ Patch302: pam_ssh_agent_auth-0.9.2-visibility.patch Patch305: pam_ssh_agent_auth-0.9.3-agent_structure.patch # remove prefixes to be able to build against current openssh library Patch306: pam_ssh_agent_auth-0.10.2-compat.patch +# Fix NULL dereference from getpwuid() return value +# https://sourceforge.net/p/pamsshagentauth/bugs/22/ +Patch307: pam_ssh_agent_auth-0.10.2-dereference.patch #https://bugzilla.mindrot.org/show_bug.cgi?id=1641 (WONTFIX) Patch400: openssh-6.6p1-role-mls.patch @@ -411,6 +414,7 @@ pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver} %patch302 -p2 -b .psaa-visibility %patch306 -p2 -b .psaa-compat %patch305 -p2 -b .psaa-agent +%patch307 -p2 -b .psaa-deref # Remove duplicate headers and library files rm -f $(cat %{SOURCE5}) popd diff --git a/pam_ssh_agent_auth-0.10.2-dereference.patch b/pam_ssh_agent_auth-0.10.2-dereference.patch new file mode 100644 index 0000000..e3c411f --- /dev/null +++ b/pam_ssh_agent_auth-0.10.2-dereference.patch @@ -0,0 +1,23 @@ + +--- openssh-6.6p1/pam_ssh_agent_auth-0.9.3/pam_user_authorized_keys.c.psaa-command 2016-04-20 09:31:32.164686370 +0200 ++++ openssh-6.6p1/pam_ssh_agent_auth-0.9.3/pam_user_authorized_keys.c 2016-04-20 09:35:49.778344576 +0200 +@@ -145,11 +145,14 @@ + int + pam_user_key_allowed(const char *ruser, Key * key) + { +- return +- pamsshagentauth_user_key_allowed2(getpwuid(authorized_keys_file_allowed_owner_uid), +- key, authorized_keys_file) +- || pamsshagentauth_user_key_allowed2(getpwuid(0), key, +- authorized_keys_file) ++ struct passwd *file_pw, *root_pw; ++ file_pw = getpwuid(authorized_keys_file_allowed_owner_uid); ++ root_pw = getpwuid(0); ++ return ++ (file_pw != NULL && ++ pamsshagentauth_user_key_allowed2(file_pw, key, authorized_keys_file)) ++ || (root_pw != NULL && ++ pamsshagentauth_user_key_allowed2(root_pw, key, authorized_keys_file)) + || pamsshagentauth_user_key_command_allowed2(authorized_keys_command, + authorized_keys_command_user, + getpwnam(ruser), key);