rpms
/
pam
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix issues detected by covscan tool 

Resolves: #1938835

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
This commit is contained in:
Iker Pedrosa 2021-07-14 17:06:27 +02:00
parent 64f2f990fa
commit 2b70f50adf
2 changed files with 49 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
pam-1.5.1-pam_filter_close_file_after_controlling_tty.patch Normal file
View File

@ -0,0 +1,42 @@
From ec0e724fe53188c5c762c34ca9db6681c0de01b8 Mon Sep 17 00:00:00 2001
From: Iker Pedrosa <ipedrosa@redhat.com>
Date: Thu, 1 Jul 2021 12:14:29 +0200
Subject: [PATCH] pam_filter: Close file after controlling tty
Failing to check the descriptor value meant that there was a bug in the
attempt to close the controlling tty. Moreover, this would lead to a
file descriptor leak as pointed out by the static analyzer tool:
Error: RESOURCE_LEAK (CWE-772): [#def26]
Linux-PAM-1.5.1/modules/pam_filter/pam_filter.c:356: open_fn: Returning handle opened by "open". [Note: The source code implementation of the function has been overridden by a user model.]
Linux-PAM-1.5.1/modules/pam_filter/pam_filter.c:356: var_assign: Assigning: "t" = handle returned from "open("/dev/tty", 2)".
Linux-PAM-1.5.1/modules/pam_filter/pam_filter.c:357: off_by_one: Testing whether handle "t" is strictly greater than zero is suspicious. "t" leaks when it is zero.
Linux-PAM-1.5.1/modules/pam_filter/pam_filter.c:357: remediation: Did you intend to include equality with zero?
Linux-PAM-1.5.1/modules/pam_filter/pam_filter.c:367: leaked_handle: Handle variable "t" going out of scope leaks the handle.
365| pam_syslog(pamh, LOG_ERR,
366| "child cannot become new session: %m");
367|-> return PAM_ABORT;
368| }
369|
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
---
modules/pam_filter/pam_filter.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/pam_filter/pam_filter.c b/modules/pam_filter/pam_filter.c
index 2f0af4fb..6e6def37 100644
--- a/modules/pam_filter/pam_filter.c
+++ b/modules/pam_filter/pam_filter.c
@@ -354,7 +354,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl,
int t = open("/dev/tty", O_RDWR|O_NOCTTY);
#else
int t = open("/dev/tty",O_RDWR);
- if (t > 0) {
+ if (t >= 0) {
(void) ioctl(t, TIOCNOTTY, NULL);
close(t);
}
--
2.31.1

8
pam.spec
View File

@ -3,7 +3,7 @@
Summary: An extensible library which provides authentication for applications
Name: pam
Version: 1.5.1
Release: 6%{?dist}
Release: 7%{?dist}
# The library is BSD licensed with option to relicense as GPLv2+
# - this option is redundant as the BSD license allows that anyway.
# pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
@ -28,6 +28,8 @@ Patch1: pam-1.5.0-redhat-modules.patch
Patch2: pam-1.5.0-noflex.patch
Patch3: pam-1.3.0-unix-nomsg.patch
Patch4: pam-1.5.1-timestamp-openssl-hmac-authentication.patch
# https://github.com/linux-pam/linux-pam/commit/ec0e724fe53188c5c762c34ca9db6681c0de01b8
Patch5: pam-1.5.1-pam_filter_close_file_after_controlling_tty.patch
%global _pamlibdir %{_libdir}
%global _moduledir %{_libdir}/security
@ -114,6 +116,7 @@ cp %{SOURCE18} .
%patch2 -p1 -b .noflex
%patch3 -p1 -b .nomsg
%patch4 -p1 -b .timestamp-openssl-hmac-authentication
%patch5 -p1 -b .pam_filter_close_file_after_controlling_tty
autoreconf -i
@ -368,6 +371,9 @@ done
%doc doc/sag/*.txt doc/sag/html
%changelog
* Wed Jul 14 2021 Iker Pedrosa <ipedrosa@redhat.com> - 1.5.1-7
- Fix issues detected by covscan tool
* Fri Jul 2 2021 Iker Pedrosa <ipedrosa@redhat.com> - 1.5.1-6
- pam_timestamp: openssl hmac authentication. Resolves: #1934975