check NULL return from crypt() calls (#915316)
This commit is contained in:
Tomas Mraz
parent
21cc104fe0
commit
b38262e712
55
pam-1.1.6-crypt-null-check.patch
Normal file
55
pam-1.1.6-crypt-null-check.patch
Normal file
@ -0,0 +1,55 @@
|
||||
From 8dc056c1c8bc7acb66c4decc49add2c3a24e6310 Mon Sep 17 00:00:00 2001
|
||||
From: Tomas Mraz <tmraz@fedoraproject.org>
|
||||
Date: Fri, 8 Feb 2013 15:04:26 +0100
|
||||
Subject: [PATCH] Add checks for crypt() returning NULL.
|
||||
|
||||
modules/pam_pwhistory/opasswd.c (compare_password): Add check for crypt() NULL return.
|
||||
modules/pam_unix/bigcrypt.c (bigcrypt): Likewise.
|
||||
---
|
||||
modules/pam_pwhistory/opasswd.c | 2 +-
|
||||
modules/pam_unix/bigcrypt.c | 9 +++++++++
|
||||
2 files changed, 10 insertions(+), 1 deletions(-)
|
||||
|
||||
diff --git a/modules/pam_pwhistory/opasswd.c b/modules/pam_pwhistory/opasswd.c
|
||||
index 274fdb9..836d713 100644
|
||||
--- a/modules/pam_pwhistory/opasswd.c
|
||||
+++ b/modules/pam_pwhistory/opasswd.c
|
||||
@@ -108,7 +108,7 @@ compare_password(const char *newpass, const char *oldpass)
|
||||
outval = crypt (newpass, oldpass);
|
||||
#endif
|
||||
|
||||
- return strcmp(outval, oldpass) == 0;
|
||||
+ return outval != NULL && strcmp(outval, oldpass) == 0;
|
||||
}
|
||||
|
||||
/* Check, if the new password is already in the opasswd file. */
|
||||
diff --git a/modules/pam_unix/bigcrypt.c b/modules/pam_unix/bigcrypt.c
|
||||
index e10d1c5..e1d57a0 100644
|
||||
--- a/modules/pam_unix/bigcrypt.c
|
||||
+++ b/modules/pam_unix/bigcrypt.c
|
||||
@@ -109,6 +109,10 @@ char *bigcrypt(const char *key, const char *salt)
|
||||
#else
|
||||
tmp_ptr = crypt(plaintext_ptr, salt); /* libc crypt() */
|
||||
#endif
|
||||
+ if (tmp_ptr == NULL) {
|
||||
+ free(dec_c2_cryptbuf);
|
||||
+ return NULL;
|
||||
+ }
|
||||
/* and place in the static area */
|
||||
strncpy(cipher_ptr, tmp_ptr, 13);
|
||||
cipher_ptr += ESEGMENT_SIZE + SALT_SIZE;
|
||||
@@ -130,6 +134,11 @@ char *bigcrypt(const char *key, const char *salt)
|
||||
#else
|
||||
tmp_ptr = crypt(plaintext_ptr, salt_ptr);
|
||||
#endif
|
||||
+ if (tmp_ptr == NULL) {
|
||||
+ _pam_overwrite(dec_c2_cryptbuf);
|
||||
+ free(dec_c2_cryptbuf);
|
||||
+ return NULL;
|
||||
+ }
|
||||
|
||||
/* skip the salt for seg!=0 */
|
||||
strncpy(cipher_ptr, (tmp_ptr + SALT_SIZE), ESEGMENT_SIZE);
|
||||
--
|
||||
1.7.7.6
|
||||
|
||||
8
pam.spec
8
pam.spec
@ -3,7 +3,7 @@
|
||||
Summary: An extensible library which provides authentication for applications
|
||||
Name: pam
|
||||
Version: 1.1.6
|
||||
Release: 7%{?dist}
|
||||
Release: 8%{?dist}
|
||||
# The library is BSD licensed with option to relicense as GPLv2+
|
||||
# - this option is redundant as the BSD license allows that anyway.
|
||||
# pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
|
||||
@ -50,6 +50,8 @@ Patch22: pam-1.1.5-unix-build.patch
|
||||
Patch23: pam-1.1.6-autoupdate.patch
|
||||
# Upstreamed
|
||||
Patch24: pam-1.1.6-namespace-mntopts.patch
|
||||
# Upstreamed
|
||||
Patch25: pam-1.1.6-crypt-null-check.patch
|
||||
|
||||
%define _sbindir /sbin
|
||||
%define _moduledir /%{_lib}/security
|
||||
@ -130,6 +132,7 @@ mv pam-redhat-%{pam_redhat_version}/* modules
|
||||
%patch22 -p1 -b .build
|
||||
%patch23 -p1 -b .autoupdate
|
||||
%patch24 -p1 -b .mntopts
|
||||
%patch25 -p1 -b .null-check
|
||||
|
||||
%build
|
||||
autoreconf -i
|
||||
@ -383,6 +386,9 @@ fi
|
||||
%doc doc/adg/*.txt doc/adg/html
|
||||
|
||||
%changelog
|
||||
* Tue Mar 19 2013 Tomáš Mráz <tmraz@redhat.com> 1.1.6-8
|
||||
- check NULL return from crypt() calls (#915316)
|
||||
|
||||
* Thu Mar 14 2013 Tomáš Mráz <tmraz@redhat.com> 1.1.6-7
|
||||
- add workaround for low nproc limit for confined root user (#432903)
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user