From 59e397ee423c12547e8fecbe810da4873b15cc17 Mon Sep 17 00:00:00 2001 From: Peter Vrabec Date: Mon, 14 Jun 2010 11:15:21 +0000 Subject: [PATCH] - fix integer underflow in faillog (#603683) - use preferred GID for reserved static IDs --- shadow-4.1.4.2-uflg.patch | 25 ++++++++++++++++++++ shadow-4.1.4.2-underflow.patch | 43 ++++++++++++++++++++++++++++++++++ shadow-utils.spec | 10 +++++++- 3 files changed, 77 insertions(+), 1 deletion(-) create mode 100644 shadow-4.1.4.2-uflg.patch create mode 100644 shadow-4.1.4.2-underflow.patch diff --git a/shadow-4.1.4.2-uflg.patch b/shadow-4.1.4.2-uflg.patch new file mode 100644 index 0000000..be1a73e --- /dev/null +++ b/shadow-4.1.4.2-uflg.patch @@ -0,0 +1,25 @@ +diff -up shadow-4.1.4.2/libmisc/find_new_gid.c.uflg shadow-4.1.4.2/libmisc/find_new_gid.c +--- shadow-4.1.4.2/libmisc/find_new_gid.c.uflg 2010-05-21 11:31:36.069929199 +0200 ++++ shadow-4.1.4.2/libmisc/find_new_gid.c 2010-05-21 11:31:47.600963338 +0200 +@@ -61,7 +61,7 @@ int find_new_gid (bool sys_group, + gid_min = (gid_t) getdef_ulong ("GID_MIN", 500UL); + gid_max = (gid_t) getdef_ulong ("GID_MAX", 60000UL); + } else { +- gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 201UL); ++ gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 1UL); + gid_max = (gid_t) getdef_ulong ("GID_MIN", 500UL) - 1; + gid_max = (gid_t) getdef_ulong ("SYS_GID_MAX", (unsigned long) gid_max); + } +@@ -79,7 +79,11 @@ int find_new_gid (bool sys_group, + *gid = *preferred_gid; + return 0; + } +- ++ ++ /* if we did not find free preffered system gid, we start to look for ++ * one in the range assigned to dynamic system IDs */ ++ if (sys_group) ++ gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 201UL); + + /* + * Search the entire group file, diff --git a/shadow-4.1.4.2-underflow.patch b/shadow-4.1.4.2-underflow.patch new file mode 100644 index 0000000..87f8931 --- /dev/null +++ b/shadow-4.1.4.2-underflow.patch @@ -0,0 +1,43 @@ +diff -up shadow-4.1.4.2/src/faillog.c.overflow shadow-4.1.4.2/src/faillog.c +--- shadow-4.1.4.2/src/faillog.c.overflow 2010-06-14 10:40:28.023030897 +0200 ++++ shadow-4.1.4.2/src/faillog.c 2010-06-14 10:53:10.884034750 +0200 +@@ -106,8 +106,8 @@ static void print_one (/*@null@*/const s + return; + } + +- offset = pw->pw_uid * sizeof (fl); +- if (offset <= (statbuf.st_size - sizeof (fl))) { ++ offset = (off_t) pw->pw_uid * sizeof (fl); ++ if (offset + sizeof (fl) <= statbuf.st_size) { + /* fseeko errors are not really relevant for us. */ + int err = fseeko (fail, offset, SEEK_SET); + assert (0 == err); +@@ -206,8 +206,8 @@ static bool reset_one (uid_t uid) + off_t offset; + struct faillog fl; + +- offset = uid * sizeof (fl); +- if (offset <= (statbuf.st_size - sizeof (fl))) { ++ offset = (off_t) uid * sizeof (fl); ++ if (offset + sizeof (fl) <= statbuf.st_size) { + /* fseeko errors are not really relevant for us. */ + int err = fseeko (fail, offset, SEEK_SET); + assert (0 == err); +@@ -294,7 +294,7 @@ static bool setmax_one (uid_t uid, int m + struct faillog fl; + + offset = (off_t) uid * sizeof (fl); +- if (offset <= (statbuf.st_size - sizeof (fl))) { ++ if (offset + sizeof (fl) <= statbuf.st_size) { + /* fseeko errors are not really relevant for us. */ + int err = fseeko (fail, offset, SEEK_SET); + assert (0 == err); +@@ -385,7 +385,7 @@ static bool set_locktime_one (uid_t uid, + struct faillog fl; + + offset = (off_t) uid * sizeof (fl); +- if (offset <= (statbuf.st_size - sizeof (fl))) { ++ if (offset + sizeof (fl) <= statbuf.st_size) { + /* fseeko errors are not really relevant for us. */ + int err = fseeko (fail, offset, SEEK_SET); + assert (0 == err); diff --git a/shadow-utils.spec b/shadow-utils.spec index 78bdef5..ec06437 100644 --- a/shadow-utils.spec +++ b/shadow-utils.spec @@ -1,7 +1,7 @@ Summary: Utilities for managing accounts and shadow password files Name: shadow-utils Version: 4.1.4.2 -Release: 6%{?dist} +Release: 7%{?dist} Epoch: 2 URL: http://pkg-shadow.alioth.debian.org/ Source0: ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-%{version}.tar.bz2 @@ -14,6 +14,8 @@ Patch3: shadow-4.1.4.2-fixes.patch Patch4: shadow-4.1.4.2-infoParentDir.patch Patch5: shadow-4.1.4.2-semange.patch Patch6: shadow-4.1.4.2-acl.patch +Patch7: shadow-4.1.4.2-underflow.patch +Patch8: shadow-4.1.4.2-uflg.patch License: BSD and GPLv2+ Group: System Environment/Base BuildRequires: libselinux-devel >= 1.25.2-1 @@ -46,6 +48,8 @@ are used for managing group accounts. %patch4 -p1 -b .infoParentDir %patch5 -p1 -b .semange %patch6 -p1 -b .acl +%patch7 -p1 -b .underflow +%patch8 -p1 -b .uflg iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 cp -f doc/HOWTO.utf8 doc/HOWTO @@ -188,6 +192,10 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man8/vigr.8* %changelog +* Mon Jun 14 2010 Peter Vrabec - 2:4.1.4.2-7 +- fix integer underflow in faillog (#603683) +- use preferred GID for reserved static IDs + * Thu Apr 29 2010 Peter Vrabec - 2:4.1.4.2-6 - preserve ACL's on files in /etc/skel Resolves: #513055