- pam_console: fix memory corruption when executing handlers (patch by Stas
Sergeev) and a few more fixes in the handler execution code (#532302)
This commit is contained in:
parent
76f4b127d2
commit
257490523a
71
pam-1.1.0-console-fixes.patch
Normal file
71
pam-1.1.0-console-fixes.patch
Normal file
@ -0,0 +1,71 @@
|
||||
diff -up Linux-PAM-1.1.0/modules/pam_console/handlers.c.consolefix Linux-PAM-1.1.0/modules/pam_console/handlers.c
|
||||
--- Linux-PAM-1.1.0/modules/pam_console/handlers.c.consolefix 2009-11-02 08:45:24.000000000 +0100
|
||||
+++ Linux-PAM-1.1.0/modules/pam_console/handlers.c 2009-11-02 08:50:19.000000000 +0100
|
||||
@@ -172,13 +172,13 @@ call_exec(struct console_handler *handle
|
||||
const char *flagptr;
|
||||
const char **argv;
|
||||
int i = 0;
|
||||
- argv = malloc(sizeof(*argv)*nparams+2);
|
||||
-
|
||||
+ argv = malloc(sizeof(*argv)*(nparams+2));
|
||||
+
|
||||
if (argv == NULL)
|
||||
return;
|
||||
-
|
||||
+
|
||||
argv[i++] = handler->executable;
|
||||
-
|
||||
+
|
||||
for (flagptr = handler->flags; *flagptr != '\0'; flagptr += strlen(flagptr)+1) {
|
||||
switch (testflag(flagptr)) {
|
||||
case HF_LOGFAIL:
|
||||
@@ -231,7 +231,7 @@ execute_handler(pam_handle_t *pamh, stru
|
||||
}
|
||||
|
||||
sighandler = signal(SIGCHLD, SIG_DFL);
|
||||
-
|
||||
+
|
||||
child = fork();
|
||||
switch (child) {
|
||||
case -1:
|
||||
@@ -246,30 +246,31 @@ execute_handler(pam_handle_t *pamh, stru
|
||||
if (!wait_exit) {
|
||||
switch(fork()) {
|
||||
case 0:
|
||||
- exit(0);
|
||||
+ if(setsid() == -1) {
|
||||
+ _exit(255);
|
||||
+ }
|
||||
+ break;
|
||||
case -1:
|
||||
- exit(255);
|
||||
+ _exit(255);
|
||||
default:
|
||||
- if(setsid() == -1) {
|
||||
- exit(255);
|
||||
- }
|
||||
+ _exit(0);
|
||||
}
|
||||
}
|
||||
if (set_uid) {
|
||||
struct passwd *pw;
|
||||
pw = getpwnam(user);
|
||||
if (pw == NULL)
|
||||
- exit(255);
|
||||
+ _exit(255);
|
||||
if (setgid(pw->pw_gid) == -1 ||
|
||||
setuid(pw->pw_uid) == -1)
|
||||
- exit(255);
|
||||
+ _exit(255);
|
||||
}
|
||||
call_exec(handler, nparams, user, tty);
|
||||
- exit(255);
|
||||
+ _exit(255);
|
||||
default:
|
||||
break;
|
||||
}
|
||||
-
|
||||
+
|
||||
waitpid(child, &rv, 0);
|
||||
|
||||
if (sighandler != SIG_ERR)
|
8
pam.spec
8
pam.spec
@ -3,7 +3,7 @@
|
||||
Summary: An extensible library which provides authentication for applications
|
||||
Name: pam
|
||||
Version: 1.1.0
|
||||
Release: 6%{?dist}
|
||||
Release: 7%{?dist}
|
||||
# The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
|
||||
# as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
|
||||
License: BSD and GPLv2+
|
||||
@ -27,6 +27,7 @@ Patch3: pam-1.1.0-cracklib-authtok.patch
|
||||
Patch4: pam-1.1.0-console-nochmod.patch
|
||||
Patch5: pam-1.1.0-notally.patch
|
||||
Patch6: pam-1.1.0-xauth-context.patch
|
||||
Patch7: pam-1.1.0-console-fixes.patch
|
||||
|
||||
%define _sbindir /sbin
|
||||
%define _moduledir /%{_lib}/security
|
||||
@ -93,6 +94,7 @@ mv pam-redhat-%{pam_redhat_version}/* modules
|
||||
%patch4 -p1 -b .nochmod
|
||||
%patch5 -p1 -b .notally
|
||||
%patch6 -p1 -b .xauth-context
|
||||
%patch7 -p1 -b .console-fixes
|
||||
|
||||
libtoolize -f
|
||||
autoreconf
|
||||
@ -325,6 +327,10 @@ fi
|
||||
%doc doc/adg/*.txt doc/adg/html
|
||||
|
||||
%changelog
|
||||
* Mon Nov 2 2009 Tomas Mraz <tmraz@redhat.com> 1.1.0-7
|
||||
- pam_console: fix memory corruption when executing handlers (patch by
|
||||
Stas Sergeev) and a few more fixes in the handler execution code (#532302)
|
||||
|
||||
* Thu Oct 29 2009 Tomas Mraz <tmraz@redhat.com> 1.1.0-6
|
||||
- pam_xauth: set the approprate context when creating .xauth files (#531530)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user