rpms/pam
6
0
Fork 0
Code Issues Pull Requests Releases Activity

pam_tty_audit: proper initialization of the tty_audit_status struct

Browse Source 
Related: rhbz#966166
This commit is contained in:
Tomas Mraz 2013-10-04 14:58:12 +02:00
parent 6ffceb7ea0
commit b5054fab06
2 changed files with 54 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
pam-1.1.7-tty-audit-init.patch Normal file
View File

@ -0,0 +1,48 @@
diff -up Linux-PAM-1.1.7/modules/pam_tty_audit/pam_tty_audit.c.tty-audit-init Linux-PAM-1.1.7/modules/pam_tty_audit/pam_tty_audit.c
--- Linux-PAM-1.1.7/modules/pam_tty_audit/pam_tty_audit.c.tty-audit-init 2013-08-28 10:53:40.000000000 +0200
+++ Linux-PAM-1.1.7/modules/pam_tty_audit/pam_tty_audit.c 2013-10-04 14:51:19.944994905 +0200
@@ -36,6 +36,7 @@
USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE. */
+#include "config.h"
#include <errno.h>
#include <fnmatch.h>
#include <stdlib.h>
@@ -108,7 +109,7 @@ nl_recv (int fd, unsigned type, void *bu
struct msghdr msg;
struct nlmsghdr nlm;
struct iovec iov[2];
- ssize_t res;
+ ssize_t res, resdiff;
again:
iov[0].iov_base = &nlm;
@@ -160,12 +161,17 @@ nl_recv (int fd, unsigned type, void *bu
res = recvmsg (fd, &msg, 0);
if (res == -1)
return -1;
- if ((size_t)res != NLMSG_LENGTH (size)
+ resdiff = NLMSG_LENGTH(size) - (size_t)res;
+ if (resdiff < 0
|| nlm.nlmsg_type != type)
{
errno = EIO;
return -1;
}
+ else if (resdiff > 0)
+ {
+ memset((char *)buf + res, 0, resdiff);
+ }
return 0;
}
@@ -275,6 +281,8 @@ pam_sm_open_session (pam_handle_t *pamh,
return PAM_SESSION_ERR;
}
+ memcpy(&new_status, old_status, sizeof(new_status));
+
new_status.enabled = (command == CMD_ENABLE ? 1 : 0);
#ifdef HAVE_STRUCT_AUDIT_TTY_STATUS_LOG_PASSWD
new_status.log_passwd = log_passwd;

8
pam.spec
View File

@ -3,7 +3,7 @@
Summary: An extensible library which provides authentication for applications Summary: An extensible library which provides authentication for applications
Name: pam Name: pam
Version: 1.1.7 Version: 1.1.7
Release: 2%{?dist} Release: 3%{?dist}
# The library is BSD licensed with option to relicense as GPLv2+ # The library is BSD licensed with option to relicense as GPLv2+
# - this option is redundant as the BSD license allows that anyway. # - this option is redundant as the BSD license allows that anyway.
# pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+. # pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
@ -45,6 +45,7 @@ Patch20: pam-1.1.5-unix-no-fallback.patch
Patch22: pam-1.1.7-unix-build.patch Patch22: pam-1.1.7-unix-build.patch
Patch29: pam-1.1.6-pwhistory-helper.patch Patch29: pam-1.1.6-pwhistory-helper.patch
Patch31: pam-1.1.6-use-links.patch Patch31: pam-1.1.6-use-links.patch
Patch32: pam-1.1.7-tty-audit-init.patch
%define _pamlibdir %{_libdir} %define _pamlibdir %{_libdir}
%define _moduledir %{_libdir}/security %define _moduledir %{_libdir}/security
@ -122,7 +123,7 @@ mv pam-redhat-%{pam_redhat_version}/* modules
%patch22 -p1 -b .build %patch22 -p1 -b .build
%patch29 -p1 -b .pwhhelper %patch29 -p1 -b .pwhhelper
%patch31 -p1 -b .links %patch31 -p1 -b .links
%patch32 -p1 -b .tty-audit-init
%build %build
autoreconf -i autoreconf -i
@ -370,6 +371,9 @@ fi
%doc doc/adg/*.txt doc/adg/html %doc doc/adg/*.txt doc/adg/html
%changelog %changelog
* Fri Oct 4 2013 Tomáš Mráz <tmraz@redhat.com> 1.1.7-3
- pam_tty_audit: proper initialization of the tty_audit_status struct
* Mon Sep 30 2013 Tomáš Mráz <tmraz@redhat.com> 1.1.7-2 * Mon Sep 30 2013 Tomáš Mráz <tmraz@redhat.com> 1.1.7-2
- add "local_users_only" to pam_pwquality in default configuration - add "local_users_only" to pam_pwquality in default configuration