- pam_console: fix memory corruption when executing handlers (patch by Stas

Sergeev) and a few more fixes in the handler execution code (#532302)
This commit is contained in:
Tomáš Mráz 2009-11-02 09:13:52 +00:00
parent 76f4b127d2
commit 257490523a
2 changed files with 78 additions and 1 deletions

View File

@ -0,0 +1,71 @@
diff -up Linux-PAM-1.1.0/modules/pam_console/handlers.c.consolefix Linux-PAM-1.1.0/modules/pam_console/handlers.c
--- Linux-PAM-1.1.0/modules/pam_console/handlers.c.consolefix 2009-11-02 08:45:24.000000000 +0100
+++ Linux-PAM-1.1.0/modules/pam_console/handlers.c 2009-11-02 08:50:19.000000000 +0100
@@ -172,13 +172,13 @@ call_exec(struct console_handler *handle
const char *flagptr;
const char **argv;
int i = 0;
- argv = malloc(sizeof(*argv)*nparams+2);
-
+ argv = malloc(sizeof(*argv)*(nparams+2));
+
if (argv == NULL)
return;
-
+
argv[i++] = handler->executable;
-
+
for (flagptr = handler->flags; *flagptr != '\0'; flagptr += strlen(flagptr)+1) {
switch (testflag(flagptr)) {
case HF_LOGFAIL:
@@ -231,7 +231,7 @@ execute_handler(pam_handle_t *pamh, stru
}
sighandler = signal(SIGCHLD, SIG_DFL);
-
+
child = fork();
switch (child) {
case -1:
@@ -246,30 +246,31 @@ execute_handler(pam_handle_t *pamh, stru
if (!wait_exit) {
switch(fork()) {
case 0:
- exit(0);
+ if(setsid() == -1) {
+ _exit(255);
+ }
+ break;
case -1:
- exit(255);
+ _exit(255);
default:
- if(setsid() == -1) {
- exit(255);
- }
+ _exit(0);
}
}
if (set_uid) {
struct passwd *pw;
pw = getpwnam(user);
if (pw == NULL)
- exit(255);
+ _exit(255);
if (setgid(pw->pw_gid) == -1 ||
setuid(pw->pw_uid) == -1)
- exit(255);
+ _exit(255);
}
call_exec(handler, nparams, user, tty);
- exit(255);
+ _exit(255);
default:
break;
}
-
+
waitpid(child, &rv, 0);
if (sighandler != SIG_ERR)

View File

@ -3,7 +3,7 @@
Summary: An extensible library which provides authentication for applications Summary: An extensible library which provides authentication for applications
Name: pam Name: pam
Version: 1.1.0 Version: 1.1.0
Release: 6%{?dist} Release: 7%{?dist}
# The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant # The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
# as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+, # as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
License: BSD and GPLv2+ License: BSD and GPLv2+
@ -27,6 +27,7 @@ Patch3: pam-1.1.0-cracklib-authtok.patch
Patch4: pam-1.1.0-console-nochmod.patch Patch4: pam-1.1.0-console-nochmod.patch
Patch5: pam-1.1.0-notally.patch Patch5: pam-1.1.0-notally.patch
Patch6: pam-1.1.0-xauth-context.patch Patch6: pam-1.1.0-xauth-context.patch
Patch7: pam-1.1.0-console-fixes.patch
%define _sbindir /sbin %define _sbindir /sbin
%define _moduledir /%{_lib}/security %define _moduledir /%{_lib}/security
@ -93,6 +94,7 @@ mv pam-redhat-%{pam_redhat_version}/* modules
%patch4 -p1 -b .nochmod %patch4 -p1 -b .nochmod
%patch5 -p1 -b .notally %patch5 -p1 -b .notally
%patch6 -p1 -b .xauth-context %patch6 -p1 -b .xauth-context
%patch7 -p1 -b .console-fixes
libtoolize -f libtoolize -f
autoreconf autoreconf
@ -325,6 +327,10 @@ fi
%doc doc/adg/*.txt doc/adg/html %doc doc/adg/*.txt doc/adg/html
%changelog %changelog
* Mon Nov 2 2009 Tomas Mraz <tmraz@redhat.com> 1.1.0-7
- pam_console: fix memory corruption when executing handlers (patch by
Stas Sergeev) and a few more fixes in the handler execution code (#532302)
* Thu Oct 29 2009 Tomas Mraz <tmraz@redhat.com> 1.1.0-6 * Thu Oct 29 2009 Tomas Mraz <tmraz@redhat.com> 1.1.0-6
- pam_xauth: set the approprate context when creating .xauth files (#531530) - pam_xauth: set the approprate context when creating .xauth files (#531530)