rpms/openssh
5
0
Fork 1
Code Issues Pull Requests Releases Activity

Coverity: dereference in pam_ssh_agent_auth

Browse Source 
Upstream: https://sourceforge.net/p/pamsshagentauth/bugs/22/
This commit is contained in:
Jakub Jelen 2016-06-03 09:49:20 +02:00
parent d78d347c11
commit ea9421342e
2 changed files with 27 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
openssh.spec
View File

@ -121,6 +121,9 @@ Patch302: pam_ssh_agent_auth-0.9.2-visibility.patch
Patch305: pam_ssh_agent_auth-0.9.3-agent_structure.patch Patch305: pam_ssh_agent_auth-0.9.3-agent_structure.patch
# remove prefixes to be able to build against current openssh library # remove prefixes to be able to build against current openssh library
Patch306: pam_ssh_agent_auth-0.10.2-compat.patch Patch306: pam_ssh_agent_auth-0.10.2-compat.patch
# Fix NULL dereference from getpwuid() return value
# https://sourceforge.net/p/pamsshagentauth/bugs/22/
Patch307: pam_ssh_agent_auth-0.10.2-dereference.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1641 (WONTFIX) #https://bugzilla.mindrot.org/show_bug.cgi?id=1641 (WONTFIX)
Patch400: openssh-6.6p1-role-mls.patch Patch400: openssh-6.6p1-role-mls.patch
@ -411,6 +414,7 @@ pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
%patch302 -p2 -b .psaa-visibility %patch302 -p2 -b .psaa-visibility
%patch306 -p2 -b .psaa-compat %patch306 -p2 -b .psaa-compat
%patch305 -p2 -b .psaa-agent %patch305 -p2 -b .psaa-agent
%patch307 -p2 -b .psaa-deref
# Remove duplicate headers and library files # Remove duplicate headers and library files
rm -f $(cat %{SOURCE5}) rm -f $(cat %{SOURCE5})
popd popd

23
pam_ssh_agent_auth-0.10.2-dereference.patch Normal file
View File

@ -0,0 +1,23 @@
--- openssh-6.6p1/pam_ssh_agent_auth-0.9.3/pam_user_authorized_keys.c.psaa-command 2016-04-20 09:31:32.164686370 +0200
+++ openssh-6.6p1/pam_ssh_agent_auth-0.9.3/pam_user_authorized_keys.c 2016-04-20 09:35:49.778344576 +0200
@@ -145,11 +145,14 @@
int
pam_user_key_allowed(const char *ruser, Key * key)
{
- return
- pamsshagentauth_user_key_allowed2(getpwuid(authorized_keys_file_allowed_owner_uid),
- key, authorized_keys_file)
- || pamsshagentauth_user_key_allowed2(getpwuid(0), key,
- authorized_keys_file)
+ struct passwd *file_pw, *root_pw;
+ file_pw = getpwuid(authorized_keys_file_allowed_owner_uid);
+ root_pw = getpwuid(0);
+ return
+ (file_pw != NULL &&
+ pamsshagentauth_user_key_allowed2(file_pw, key, authorized_keys_file))
+ || (root_pw != NULL &&
+ pamsshagentauth_user_key_allowed2(root_pw, key, authorized_keys_file))
|| pamsshagentauth_user_key_command_allowed2(authorized_keys_command,
authorized_keys_command_user,
getpwnam(ruser), key);