From b38262e712a6034a63cf85daa957e19455dbac03 Mon Sep 17 00:00:00 2001
From: Tomas Mraz
Date: Tue, 19 Mar 2013 16:29:42 +0100
Subject: [PATCH] check NULL return from crypt() calls (#915316)
---
 pam-1.1.6-crypt-null-check.patch | 55 ++++++++++++++++++++++++++++++++
 pam.spec | 8 ++++-
 2 files changed, 62 insertions(+), 1 deletion(-)
 create mode 100644 pam-1.1.6-crypt-null-check.patch
diff --git a/pam-1.1.6-crypt-null-check.patch b/pam-1.1.6-crypt-null-check.patch
new file mode 100644
index 0000000..78d7b91
--- /dev/null
+++ b/pam-1.1.6-crypt-null-check.patch
@@ -0,0 +1,55 @@
+From 8dc056c1c8bc7acb66c4decc49add2c3a24e6310 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz
+Date: Fri, 8 Feb 2013 15:04:26 +0100
+Subject: [PATCH] Add checks for crypt() returning NULL.
+
+modules/pam_pwhistory/opasswd.c (compare_password): Add check for crypt() NULL return.
+modules/pam_unix/bigcrypt.c (bigcrypt): Likewise.
+---
+ modules/pam_pwhistory/opasswd.c | 2 +-
+ modules/pam_unix/bigcrypt.c | 9 +++++++++
+ 2 files changed, 10 insertions(+), 1 deletions(-)
+
+diff --git a/modules/pam_pwhistory/opasswd.c b/modules/pam_pwhistory/opasswd.c
+index 274fdb9..836d713 100644
+--- a/modules/pam_pwhistory/opasswd.c
++++ b/modules/pam_pwhistory/opasswd.c
+@@ -108,7 +108,7 @@ compare_password(const char *newpass, const char *oldpass)
+ outval = crypt (newpass, oldpass);
+ #endif
+
+- return strcmp(outval, oldpass) == 0;
++ return outval != NULL && strcmp(outval, oldpass) == 0;
+ }
+
+ /* Check, if the new password is already in the opasswd file. */
+diff --git a/modules/pam_unix/bigcrypt.c b/modules/pam_unix/bigcrypt.c
+index e10d1c5..e1d57a0 100644
+--- a/modules/pam_unix/bigcrypt.c
++++ b/modules/pam_unix/bigcrypt.c
+@@ -109,6 +109,10 @@ char *bigcrypt(const char *key, const char *salt)
+ #else
+ tmp_ptr = crypt(plaintext_ptr, salt); /* libc crypt() */
+ #endif
++ if (tmp_ptr == NULL) {
++ free(dec_c2_cryptbuf);
++ return NULL;
++ }
+ /* and place in the static area */
+ strncpy(cipher_ptr, tmp_ptr, 13);
+ cipher_ptr += ESEGMENT_SIZE + SALT_SIZE;
+@@ -130,6 +134,11 @@ char *bigcrypt(const char *key, const char *salt)
+ #else
+ tmp_ptr = crypt(plaintext_ptr, salt_ptr);
+ #endif
++ if (tmp_ptr == NULL) {
++ _pam_overwrite(dec_c2_cryptbuf);
++ free(dec_c2_cryptbuf);
++ return NULL;
++ }
+
+ /* skip the salt for seg!=0 */
+ strncpy(cipher_ptr, (tmp_ptr + SALT_SIZE), ESEGMENT_SIZE);
+--
+1.7.7.6
+
diff --git a/pam.spec b/pam.spec
index 1246b4b..d322fd2 100644
--- a/pam.spec
+++ b/pam.spec
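Review bot: The two NULL branches added to `bigcrypt()` clean up differently: the first, after the initial `crypt(plaintext_ptr, salt)`, frees `dec_c2_cryptbuf` directly, while the second calls `_pam_overwrite(dec_c2_cryptbuf);` before `free()`. If the first branch is safe because nothing has been copied into the buffer yet, a short comment such as `/* nothing written to dec_c2_cryptbuf yet, no scrub needed */` would make that explicit; otherwise add the same `_pam_overwrite()` call there. Both branches also return early while whatever `plaintext_ptr` points into is presumably still holding key material (that buffer is set up outside these hunks), so it is worth confirming it gets wiped on the error paths too. In `compare_password()` a failed `crypt()` now reads as "no match", so a password that cannot be hashed would presumably pass the history check silently; logging the failure in the caller would make that visible. `bigcrypt()` begins and ends outside the hunks shown.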
@@ -3,7 +3,7 @@
 Summary: An extensible library which provides authentication for applications
 Name: pam
 Version: 1.1.6
-Release: 7%{?dist}
+Release: 8%{?dist}
 # The library is BSD licensed with option to relicense as GPLv2+
 # - this option is redundant as the BSD license allows that anyway.
 # pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
@@ -50,6 +50,8 @@ Patch22: pam-1.1.5-unix-build.patch
 Patch23: pam-1.1.6-autoupdate.patch
 # Upstreamed
 Patch24: pam-1.1.6-namespace-mntopts.patch
+# Upstreamed
+Patch25: pam-1.1.6-crypt-null-check.patch
 
 %define _sbindir /sbin
 %define _moduledir /%{_lib}/security
@@ -130,6 +132,7 @@ mv pam-redhat-%{pam_redhat_version}/* modules
 %patch22 -p1 -b .build
 %patch23 -p1 -b .autoupdate
 %patch24 -p1 -b .mntopts
+%patch25 -p1 -b .null-check
 
 %build
 autoreconf -i
@@ -383,6 +386,9 @@ fi
 %doc doc/adg/*.txt doc/adg/html
 
 %changelog
+* Tue Mar 19 2013 Tomáš Mráz 1.1.6-8
+- check NULL return from crypt() calls (#915316)
+
 * Thu Mar 14 2013 Tomáš Mráz 1.1.6-7
 - add workaround for low nproc limit for confined root user (#432903)
 