fix dereference in pam_env

fix wrong parse of user@host pattern in pam_access (#732081)
2011-08-25 16:09:08 +02:00 · 2011-08-25 16:09:08 +02:00 · 9f29655908
commit 9f29655908
parent 05c4e69a7b
4 changed files with 170 additions and 4 deletions
--- a/pam-1.1.4-access-split.patch
+++ b/pam-1.1.4-access-split.patch
@ -0,0 +1,35 @@
 commit 61f4f06abc9b8fcb3c478fa430b52499fd2ca300
 Author: Tomas Mraz <tmraz@fedoraproject.org>
 Date:   Thu Aug 25 15:48:51 2011 +0200
    Fix the split on @ in the user field. (Red Hat Bug #732081)
 diff --git a/ChangeLog b/ChangeLog
 index 7563098..b4f1ef8 100644
 --- a/ChangeLog
 +++ b/ChangeLog
@@ -1,3 +1,8 @@
 +2011-08-25  Tomas Mraz  <tm@t8m.info>
 +
 +	* modules/pam_access/pam_access.c (user_match): Fix the split
 +	  on @ in the user field. (Red Hat Bug #732081)
 +
 2011-08-23  Tomas Mraz  <tm@t8m.info>
 	* modules/pam_env/pam_env.c (_pam_parse): Fix missing dereference.
 diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c
 index 0eb1e8c..472116c 100644
 --- a/modules/pam_access/pam_access.c
 +++ b/modules/pam_access/pam_access.c
@@ -521,7 +521,10 @@ user_match (pam_handle_t *pamh, char *tok, struct login_info *item)
      * name of the user's primary group.
      */
 -    if (tok[0] != '@' && (at = strchr(tok + 1, '@')) != 0) {
 +    /* Try to split on a pattern (@*[^@]+)(@+.*) */
 +    for (at = tok; *at == '@'; ++at);
 +
 +    if ((at = strchr(at, '@')) != NULL) {
         /* split user@host pattern */
 	if (item->hostname == NULL)
 	    return NO;
--- a/pam-1.1.4-console-fixes.patch
+++ b/pam-1.1.4-console-fixes.patch
@ -0,0 +1,72 @@
 diff -up Linux-PAM-1.1.4/modules/pam_console/handlers.c.console-fixes Linux-PAM-1.1.4/modules/pam_console/handlers.c
 --- Linux-PAM-1.1.4/modules/pam_console/handlers.c.console-fixes	2008-12-16 13:37:52.000000000 +0100
 +++ Linux-PAM-1.1.4/modules/pam_console/handlers.c	2011-07-15 14:49:39.000000000 +0200
@@ -172,13 +172,13 @@ call_exec(struct console_handler *handle
         const char *flagptr;
         const char **argv;
         int i = 0;
 -        argv = malloc(sizeof(*argv)*nparams+2);
 -        
 +        argv = malloc(sizeof(*argv)*(nparams+2));
 +
         if (argv == NULL)
                 return;
 -        
 +
         argv[i++] = handler->executable;
 -        
 +
         for (flagptr = handler->flags; *flagptr != '\0'; flagptr += strlen(flagptr)+1) {
                 switch (testflag(flagptr)) {
                 case HF_LOGFAIL:
@@ -231,7 +231,7 @@ execute_handler(pam_handle_t *pamh, stru
         }
 	sighandler = signal(SIGCHLD, SIG_DFL);
 -        
 +
         child = fork();
         switch (child) {
         case -1:
@@ -246,30 +246,32 @@ execute_handler(pam_handle_t *pamh, stru
                 if (!wait_exit) {
 			switch(fork()) {
 			case 0:
 -				exit(0);
 +				if(setsid() == -1) {
 +					_exit(255);
 +				}
 +				break;
 			case -1:
 -				exit(255);
 +				_exit(255);
 			default:
 -                    		if(setsid() == -1) {
 -                            		exit(255);
 -				}
 +				_exit(0);
 			}
                 }
                 if (set_uid) {
                         struct passwd *pw;
                         pw = getpwnam(user);
                         if (pw == NULL)
 -                                exit(255);
 +                                _exit(255);
                         if (setgid(pw->pw_gid) == -1 ||
 +			    setgroups(0, NULL) == -1 ||
                             setuid(pw->pw_uid) == -1)
 -                                exit(255);
 +                                _exit(255);
                 }
                 call_exec(handler, nparams, user, tty);
 -                exit(255);
 +                _exit(255);
         default:
                 break;
         }
 -        
 +
         waitpid(child, &rv, 0);
 	if (sighandler != SIG_ERR)
--- a/pam-1.1.4-env-deref.patch
+++ b/pam-1.1.4-env-deref.patch
@ -0,0 +1,49 @@
 commit ca6fbe92205fe5b4acf2e92e4c2bf73327b26780
 Author: Tomas Mraz <tmraz@fedoraproject.org>
 Date:   Tue Aug 23 12:42:32 2011 +0200
    Fix missing dereference.
 diff --git a/ChangeLog b/ChangeLog
 index 07f120f..7563098 100644
 --- a/ChangeLog
 +++ b/ChangeLog
@@ -1,3 +1,7 @@
 +2011-08-23  Tomas Mraz  <tm@t8m.info>
 +
 +	* modules/pam_env/pam_env.c (_pam_parse): Fix missing dereference.
 +
 2011-06-22  Thorsten Kukuk  <kukuk@thkukuk.de>
 	* release version 1.1.4
 diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c
 index 865fbaf..1ec01ca 100644
 --- a/modules/pam_env/pam_env.c
 +++ b/modules/pam_env/pam_env.c
@@ -99,7 +99,7 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv,
 	if (!strcmp(*argv,"debug"))
 	    ctrl |= PAM_DEBUG_ARG;
 	else if (!strncmp(*argv,"conffile=",9)) {
 -	  if (*argv+9 == '\0') {
 +	  if ((*argv)[9] == '\0') {
 	    pam_syslog(pamh, LOG_ERR,
 		       "conffile= specification missing argument - ignored");
 	  } else {
@@ -107,7 +107,7 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv,
 	    D(("new Configuration File: %s", *conffile));
 	  }
 	} else if (!strncmp(*argv,"envfile=",8)) {
 -	  if (*argv+8 == '\0') {
 +	  if ((*argv)[8] == '\0') {
 	    pam_syslog (pamh, LOG_ERR,
 			"envfile= specification missing argument - ignored");
 	  } else {
@@ -115,7 +115,7 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv,
 	    D(("new Env File: %s", *envfile));
 	  }
 	} else if (!strncmp(*argv,"user_envfile=",13)) {
 -	  if (*argv+13 == '\0') {
 +	  if ((*argv)[13] == '\0') {
 	    pam_syslog (pamh, LOG_ERR,
 			"user_envfile= specification missing argument - ignored");
 	  } else {
--- a/pam.spec
+++ b/pam.spec
@ -4,8 +4,9 @@ Summary: An extensible library which provides authentication for applications
 Name: pam
 Version: 1.1.4
 Release: 2%{?dist}
-# The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
+# The library is BSD licensed with option to relicense as GPLv2+
-# as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
+# - this option is redundant as the BSD license allows that anyway.
 # pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
 License: BSD and GPLv2+
 Group: System Environment/Base
 Source0: http://ftp.us.kernel.org/pub/linux/libs/pam/library/Linux-PAM-%{version}.tar.bz2
@ -35,6 +36,8 @@ Patch10: pam-1.1.3-nouserenv.patch
 Patch11: pam-1.1.3-console-abstract.patch
 Patch12: pam-1.1.3-faillock-screensaver.patch
 # Upstreamed patches
 Patch30: pam-1.1.4-env-deref.patch
 Patch31: pam-1.1.4-access-split.patch
 %define _sbindir /sbin
 %define _moduledir /%{_lib}/security
@ -49,7 +52,7 @@ Patch12: pam-1.1.3-faillock-screensaver.patch
 %endif
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-Requires: cracklib, cracklib-dicts >= 2.8
+Requires: cracklib-dicts >= 2.8
 Requires(post): coreutils, /sbin/ldconfig
 BuildRequires: autoconf >= 2.60
 BuildRequires: automake, libtool
@ -80,7 +83,7 @@ having to recompile programs that handle authentication.
 %package devel
 Group: Development/Libraries
 Summary: Files needed for developing PAM-aware applications and modules for PAM
-Requires: pam = %{version}-%{release}
+Requires: pam%{?_isa} = %{version}-%{release}
 %description devel
 PAM (Pluggable Authentication Modules) is a system security tool that
@ -106,6 +109,9 @@ mv pam-redhat-%{pam_redhat_version}/* modules
 %patch11 -p1 -b .abstract
 %patch12 -p1 -b .screensaver
 %patch30 -p1 -b .deref
 %patch31 -p1 -b .split
 libtoolize -f
 autoreconf
@ -359,6 +365,10 @@ fi
 %doc doc/adg/*.txt doc/adg/html
 %changelog
 * Thu Aug 25 2011 Tomas Mraz <tmraz@redhat.com> 1.1.4-3
 - fix dereference in pam_env
 - fix wrong parse of user@host pattern in pam_access (#732081)
 * Fri Jul 15 2011 Tomas Mraz <tmraz@redhat.com> 1.1.4-2
 - clear supplementary groups in pam_console handler execution