pam_tty_audit: proper initialization of the tty_audit_status struct
Related: rhbz#966166
This commit is contained in:
Tomas Mraz
parent
6ffceb7ea0
commit
b5054fab06
48
pam-1.1.7-tty-audit-init.patch
Normal file
48
pam-1.1.7-tty-audit-init.patch
Normal file
@ -0,0 +1,48 @@
|
||||
diff -up Linux-PAM-1.1.7/modules/pam_tty_audit/pam_tty_audit.c.tty-audit-init Linux-PAM-1.1.7/modules/pam_tty_audit/pam_tty_audit.c
|
||||
--- Linux-PAM-1.1.7/modules/pam_tty_audit/pam_tty_audit.c.tty-audit-init 2013-08-28 10:53:40.000000000 +0200
|
||||
+++ Linux-PAM-1.1.7/modules/pam_tty_audit/pam_tty_audit.c 2013-10-04 14:51:19.944994905 +0200
|
||||
@@ -36,6 +36,7 @@
|
||||
USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
|
||||
DAMAGE. */
|
||||
|
||||
+#include "config.h"
|
||||
#include <errno.h>
|
||||
#include <fnmatch.h>
|
||||
#include <stdlib.h>
|
||||
@@ -108,7 +109,7 @@ nl_recv (int fd, unsigned type, void *bu
|
||||
struct msghdr msg;
|
||||
struct nlmsghdr nlm;
|
||||
struct iovec iov[2];
|
||||
- ssize_t res;
|
||||
+ ssize_t res, resdiff;
|
||||
|
||||
again:
|
||||
iov[0].iov_base = &nlm;
|
||||
@@ -160,12 +161,17 @@ nl_recv (int fd, unsigned type, void *bu
|
||||
res = recvmsg (fd, &msg, 0);
|
||||
if (res == -1)
|
||||
return -1;
|
||||
- if ((size_t)res != NLMSG_LENGTH (size)
|
||||
+ resdiff = NLMSG_LENGTH(size) - (size_t)res;
|
||||
+ if (resdiff < 0
|
||||
|| nlm.nlmsg_type != type)
|
||||
{
|
||||
errno = EIO;
|
||||
return -1;
|
||||
}
|
||||
+ else if (resdiff > 0)
|
||||
+ {
|
||||
+ memset((char *)buf + res, 0, resdiff);
|
||||
+ }
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -275,6 +281,8 @@ pam_sm_open_session (pam_handle_t *pamh,
|
||||
return PAM_SESSION_ERR;
|
||||
}
|
||||
|
||||
+ memcpy(&new_status, old_status, sizeof(new_status));
|
||||
+
|
||||
new_status.enabled = (command == CMD_ENABLE ? 1 : 0);
|
||||
#ifdef HAVE_STRUCT_AUDIT_TTY_STATUS_LOG_PASSWD
|
||||
new_status.log_passwd = log_passwd;
|
||||
8
pam.spec
8
pam.spec
@ -3,7 +3,7 @@
|
||||
Summary: An extensible library which provides authentication for applications
|
||||
Name: pam
|
||||
Version: 1.1.7
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
# The library is BSD licensed with option to relicense as GPLv2+
|
||||
# - this option is redundant as the BSD license allows that anyway.
|
||||
# pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
|
||||
@ -45,6 +45,7 @@ Patch20: pam-1.1.5-unix-no-fallback.patch
|
||||
Patch22: pam-1.1.7-unix-build.patch
|
||||
Patch29: pam-1.1.6-pwhistory-helper.patch
|
||||
Patch31: pam-1.1.6-use-links.patch
|
||||
Patch32: pam-1.1.7-tty-audit-init.patch
|
||||
|
||||
%define _pamlibdir %{_libdir}
|
||||
%define _moduledir %{_libdir}/security
|
||||
@ -122,7 +123,7 @@ mv pam-redhat-%{pam_redhat_version}/* modules
|
||||
%patch22 -p1 -b .build
|
||||
%patch29 -p1 -b .pwhhelper
|
||||
%patch31 -p1 -b .links
|
||||
|
||||
%patch32 -p1 -b .tty-audit-init
|
||||
|
||||
%build
|
||||
autoreconf -i
|
||||
@ -370,6 +371,9 @@ fi
|
||||
%doc doc/adg/*.txt doc/adg/html
|
||||
|
||||
%changelog
|
||||
* Fri Oct 4 2013 Tomáš Mráz <tmraz@redhat.com> 1.1.7-3
|
||||
- pam_tty_audit: proper initialization of the tty_audit_status struct
|
||||
|
||||
* Mon Sep 30 2013 Tomáš Mráz <tmraz@redhat.com> 1.1.7-2
|
||||
- add "local_users_only" to pam_pwquality in default configuration
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user