import pam-1.3.1-15.el8
This commit is contained in:
parent
0377626b71
commit
51793e1639
@ -0,0 +1,111 @@
|
||||
From a7453aeeb398d6cbb7a709c4e2a1d75905220fff Mon Sep 17 00:00:00 2001
|
||||
From: Stanislav Zidek <szidek@redhat.com>
|
||||
Date: Fri, 16 Apr 2021 19:14:18 +0200
|
||||
Subject: [PATCH] pam_userdb: Prevent garbage characters from db
|
||||
|
||||
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1791965
|
||||
---
|
||||
modules/pam_userdb/pam_userdb.8.xml | 3 +-
|
||||
modules/pam_userdb/pam_userdb.c | 56 +++++++++++++++++------------
|
||||
2 files changed, 36 insertions(+), 23 deletions(-)
|
||||
|
||||
diff --git a/modules/pam_userdb/pam_userdb.8.xml b/modules/pam_userdb/pam_userdb.8.xml
|
||||
index fa628ada..bce92850 100644
|
||||
--- a/modules/pam_userdb/pam_userdb.8.xml
|
||||
+++ b/modules/pam_userdb/pam_userdb.8.xml
|
||||
@@ -100,7 +100,8 @@
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
- Print debug information.
|
||||
+ Print debug information. Note that password hashes, both from db
|
||||
+ and computed, will be printed to syslog.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c
|
||||
index dc2ca232..d59801bf 100644
|
||||
--- a/modules/pam_userdb/pam_userdb.c
|
||||
+++ b/modules/pam_userdb/pam_userdb.c
|
||||
@@ -194,7 +194,7 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode,
|
||||
}
|
||||
|
||||
if (data.dptr != NULL) {
|
||||
- int compare = 0;
|
||||
+ int compare = -2;
|
||||
|
||||
if (ctrl & PAM_KEY_ONLY_ARG)
|
||||
{
|
||||
@@ -209,36 +209,48 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode,
|
||||
char *cryptpw = NULL;
|
||||
|
||||
if (data.dsize < 13) {
|
||||
- compare = -2;
|
||||
+ /* hash is too short */
|
||||
+ pam_syslog(pamh, LOG_INFO, "password hash in database is too short");
|
||||
} else if (ctrl & PAM_ICASE_ARG) {
|
||||
- compare = -2;
|
||||
+ pam_syslog(pamh, LOG_INFO,
|
||||
+ "case-insensitive comparison only works with plaintext passwords");
|
||||
} else {
|
||||
+ /* libdb is not guaranteed to produce null terminated strings */
|
||||
+ char *pwhash = strndup(data.dptr, data.dsize);
|
||||
+
|
||||
+ if (pwhash == NULL) {
|
||||
+ pam_syslog(pamh, LOG_CRIT, "strndup failed: data.dptr");
|
||||
+ } else {
|
||||
#ifdef HAVE_CRYPT_R
|
||||
- struct crypt_data *cdata = NULL;
|
||||
- cdata = malloc(sizeof(*cdata));
|
||||
- if (cdata != NULL) {
|
||||
- cdata->initialized = 0;
|
||||
- cryptpw = crypt_r(pass, data.dptr, cdata);
|
||||
- }
|
||||
+ struct crypt_data *cdata = NULL;
|
||||
+ cdata = malloc(sizeof(*cdata));
|
||||
+ if (cdata == NULL) {
|
||||
+ pam_syslog(pamh, LOG_CRIT, "malloc failed: struct crypt_data");
|
||||
+ } else {
|
||||
+ cdata->initialized = 0;
|
||||
+ cryptpw = crypt_r(pass, pwhash, cdata);
|
||||
+ }
|
||||
#else
|
||||
- cryptpw = crypt (pass, data.dptr);
|
||||
+ cryptpw = crypt (pass, pwhash);
|
||||
#endif
|
||||
- if (cryptpw && strlen(cryptpw) == (size_t)data.dsize) {
|
||||
- compare = memcmp(data.dptr, cryptpw, data.dsize);
|
||||
- } else {
|
||||
- compare = -2;
|
||||
- if (ctrl & PAM_DEBUG_ARG) {
|
||||
- if (cryptpw)
|
||||
- pam_syslog(pamh, LOG_INFO, "lengths of computed and stored hashes differ");
|
||||
- else
|
||||
- pam_syslog(pamh, LOG_INFO, "crypt() returned NULL");
|
||||
+ if (cryptpw && strlen(cryptpw) == (size_t)data.dsize) {
|
||||
+ compare = memcmp(data.dptr, cryptpw, data.dsize);
|
||||
+ } else {
|
||||
+ if (ctrl & PAM_DEBUG_ARG) {
|
||||
+ if (cryptpw) {
|
||||
+ pam_syslog(pamh, LOG_INFO, "lengths of computed and stored hashes differ");
|
||||
+ pam_syslog(pamh, LOG_INFO, "computed hash: %s", cryptpw);
|
||||
+ } else {
|
||||
+ pam_syslog(pamh, LOG_ERR, "crypt() returned NULL");
|
||||
+ }
|
||||
+ }
|
||||
}
|
||||
- }
|
||||
#ifdef HAVE_CRYPT_R
|
||||
- free(cdata);
|
||||
+ free(cdata);
|
||||
#endif
|
||||
+ }
|
||||
+ free(pwhash);
|
||||
}
|
||||
-
|
||||
} else {
|
||||
|
||||
/* Unknown password encryption method -
|
||||
--
|
||||
2.30.2
|
||||
|
@ -3,7 +3,7 @@
|
||||
Summary: An extensible library which provides authentication for applications
|
||||
Name: pam
|
||||
Version: 1.3.1
|
||||
Release: 14%{?dist}
|
||||
Release: 15%{?dist}
|
||||
# The library is BSD licensed with option to relicense as GPLv2+
|
||||
# - this option is redundant as the BSD license allows that anyway.
|
||||
# pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
|
||||
@ -65,6 +65,8 @@ Patch47: pam-1.3.1-pam-modutil-close-write.patch
|
||||
Patch48: pam-1.3.1-wheel-pam_ruser-fallback.patch
|
||||
# https://github.com/linux-pam/linux-pam/commit/491e5500b6b3913f531574208274358a2df88659
|
||||
Patch49: pam-1.3.1-namespace-gdm-doc.patch
|
||||
# https://github.com/linux-pam/linux-pam/commit/a7453aeeb398d6cbb7a709c4e2a1d75905220fff
|
||||
Patch50: pam-1.3.1-pam-userdb-prevent-garbage-characters-from-db.patch
|
||||
|
||||
%define _pamlibdir %{_libdir}
|
||||
%define _moduledir %{_libdir}/security
|
||||
@ -162,6 +164,7 @@ cp %{SOURCE18} .
|
||||
%patch47 -p1 -b .pam-modutil-close-write
|
||||
%patch48 -p1 -b .wheel-pam_ruser-fallback
|
||||
%patch49 -p1 -b .namespace-gdm-doc
|
||||
%patch50 -p1 -b .pam-userdb-prevent-garbage-characters-from-db
|
||||
autoreconf -i
|
||||
|
||||
%build
|
||||
@ -407,6 +410,9 @@ done
|
||||
%doc doc/specs/rfc86.0.txt
|
||||
|
||||
%changelog
|
||||
* Mon May 3 2021 Iker Pedrosa <ipedrosa@redhat.com> 1.3.1-15
|
||||
- pam_userdb: Prevent garbage characters from db (#1791965)
|
||||
|
||||
* Thu Nov 5 2020 Iker Pedrosa <ipedrosa@redhat.com> 1.3.1-14
|
||||
- Revert 1.3.1-12
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user