Merged update from upstream sources
This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/pam.git#f35e0f9f106bdbb3ef10319d8876b7c436b000ee
This commit is contained in:
parent
35569b9b83
commit
ed4e70950f
84
pam-1.4.0-libpam-start-leak.patch
Normal file
84
pam-1.4.0-libpam-start-leak.patch
Normal file
@ -0,0 +1,84 @@
|
||||
From 50ab1eda259ff039922b2774895f09bf0a57e078 Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Schneider <asn@cryptomilk.org>
|
||||
Date: Wed, 4 Nov 2020 17:21:47 +0100
|
||||
Subject: [PATCH 1/2] libpam: Fix memory leak with pam_start_confdir()
|
||||
|
||||
Found with AddressSanitzer in pam_wrapper tests.
|
||||
|
||||
==985738== 44 bytes in 4 blocks are definitely lost in loss record 18 of 18
|
||||
==985738== at 0x4839809: malloc (vg_replace_malloc.c:307)
|
||||
==985738== by 0x48957E1: _pam_strdup (pam_misc.c:129)
|
||||
==985738== by 0x489851B: _pam_start_internal (pam_start.c:85)
|
||||
==985738== by 0x4849C8C: libpam_pam_start_confdir (pam_wrapper.c:418)
|
||||
==985738== by 0x484AF94: pwrap_pam_start (pam_wrapper.c:1461)
|
||||
==985738== by 0x484AFEE: pam_start (pam_wrapper.c:1483)
|
||||
==985738== by 0x401723: setup_noconv (test_pam_wrapper.c:189)
|
||||
==985738== by 0x4889E82: ??? (in /usr/lib64/libcmocka.so.0.7.0)
|
||||
==985738== by 0x488A444: _cmocka_run_group_tests (in /usr/lib64/libcmocka.so.0.7.0)
|
||||
==985738== by 0x403EE5: main (test_pam_wrapper.c:1059)
|
||||
|
||||
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
||||
---
|
||||
libpam/pam_end.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/libpam/pam_end.c b/libpam/pam_end.c
|
||||
index 942253d8..406b1478 100644
|
||||
--- a/libpam/pam_end.c
|
||||
+++ b/libpam/pam_end.c
|
||||
@@ -56,6 +56,9 @@ int pam_end(pam_handle_t *pamh, int pam_status)
|
||||
_pam_overwrite(pamh->user);
|
||||
_pam_drop(pamh->user);
|
||||
|
||||
+ _pam_overwrite(pamh->confdir);
|
||||
+ _pam_drop(pamh->confdir);
|
||||
+
|
||||
_pam_overwrite(pamh->prompt);
|
||||
_pam_drop(pamh->prompt); /* prompt for pam_get_user() */
|
||||
|
||||
--
|
||||
2.26.2
|
||||
|
||||
|
||||
From 51318fd423a8ab4456a278ef0aff6ad449aab916 Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Schneider <asn@cryptomilk.org>
|
||||
Date: Wed, 4 Nov 2020 17:23:09 +0100
|
||||
Subject: [PATCH 2/2] libpam: Fix memory leak on error path in
|
||||
_pam_start_internal()
|
||||
|
||||
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
||||
---
|
||||
libpam/pam_start.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/libpam/pam_start.c b/libpam/pam_start.c
|
||||
index 59d06224..99dd0389 100644
|
||||
--- a/libpam/pam_start.c
|
||||
+++ b/libpam/pam_start.c
|
||||
@@ -115,6 +115,7 @@ static int _pam_start_internal (
|
||||
pam_syslog(*pamh, LOG_CRIT, "pam_start: malloc failed for pam_conv");
|
||||
_pam_drop((*pamh)->service_name);
|
||||
_pam_drop((*pamh)->user);
|
||||
+ _pam_drop((*pamh)->confdir);
|
||||
_pam_drop(*pamh);
|
||||
return (PAM_BUF_ERR);
|
||||
} else {
|
||||
@@ -128,6 +129,7 @@ static int _pam_start_internal (
|
||||
_pam_drop((*pamh)->pam_conversation);
|
||||
_pam_drop((*pamh)->service_name);
|
||||
_pam_drop((*pamh)->user);
|
||||
+ _pam_drop((*pamh)->confdir);
|
||||
_pam_drop(*pamh);
|
||||
return PAM_ABORT;
|
||||
}
|
||||
@@ -145,6 +147,7 @@ static int _pam_start_internal (
|
||||
_pam_drop((*pamh)->pam_conversation);
|
||||
_pam_drop((*pamh)->service_name);
|
||||
_pam_drop((*pamh)->user);
|
||||
+ _pam_drop((*pamh)->confdir);
|
||||
_pam_drop(*pamh);
|
||||
return PAM_ABORT;
|
||||
}
|
||||
--
|
||||
2.26.2
|
||||
|
9
pam.spec
9
pam.spec
@ -3,7 +3,7 @@
|
||||
Summary: An extensible library which provides authentication for applications
|
||||
Name: pam
|
||||
Version: 1.4.0
|
||||
Release: 6%{?dist}
|
||||
Release: 7%{?dist}
|
||||
# The library is BSD licensed with option to relicense as GPLv2+
|
||||
# - this option is redundant as the BSD license allows that anyway.
|
||||
# pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
|
||||
@ -52,6 +52,9 @@ Patch59: pam-1.4.0-motd-filter-files.patch
|
||||
Patch60: pam-1.4.0-unix-init-daysleft.patch
|
||||
# https://github.com/linux-pam/linux-pam/commit/9f24bbeeb4fe04bc396898cd9825478ad52c5ac7
|
||||
Patch61: pam-1.4.0-motd-privilege-message.patch
|
||||
# https://github.com/linux-pam/linux-pam/commit/50ab1eda259ff039922b2774895f09bf0a57e078
|
||||
# https://github.com/linux-pam/linux-pam/commit/51318fd423a8ab4456a278ef0aff6ad449aab916
|
||||
Patch62: pam-1.4.0-libpam-start-leak.patch
|
||||
|
||||
%global _pamlibdir %{_libdir}
|
||||
%global _moduledir %{_libdir}/security
|
||||
@ -145,6 +148,7 @@ cp %{SOURCE18} .
|
||||
%patch59 -p1 -b .motd-filter-files
|
||||
%patch60 -p1 -b .unix-init-daysleft
|
||||
%patch61 -p1 -b .motd-privilege-message
|
||||
%patch62 -p1 -b .libpam-start-leak
|
||||
|
||||
autoreconf -i
|
||||
|
||||
@ -404,6 +408,9 @@ done
|
||||
%doc doc/sag/*.txt doc/sag/html
|
||||
|
||||
%changelog
|
||||
* Fri Nov 6 2020 Iker Pedrosa <ipedrosa@redhat.com> - 1.4.0-7
|
||||
- libpam: fix memory leak in pam_start (#1894630)
|
||||
|
||||
* Mon Oct 19 2020 Iker Pedrosa <ipedrosa@redhat.com> - 1.4.0-6
|
||||
- pam_unix: fix missing initialization of daysleft (#1887077)
|
||||
- pam_motd: change privilege message prompt to default (#1861640)
|
||||
|
Loading…
Reference in New Issue
Block a user