Resolves: CVE-2010-2940
parent
22218bb857
commit
8c665d0af5
1
.gitignore
vendored
1
.gitignore
vendored
@ -1 +1,2 @@
|
||||
sssd-1.2.91.tar.gz
|
||||
/sssd-1.3.0.tar.gz
|
||||
|
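--- /dev/null
+++ b/0001-Treat-a-zero-length-password-as-a-failure.patch
@@ -0,0 +1,32 @@
+From 8eeb47279a5a4559d9d7f911250d6164ab120897 Mon Sep 17 00:00:00 2001
+From: Stephen Gallagher <sgallagh@redhat.com>
+Date: Wed, 18 Aug 2010 12:57:43 -0400
+Subject: [PATCH 9/9] Treat a zero-length password as a failure
+
+Some LDAP servers allow binding with blank passwords. We should
+not allow a blank password to authenticate the SSSD.
+---
+src/providers/ldap/ldap_auth.c | 7 +++++++
+1 files changed, 7 insertions(+), 0 deletions(-)
+
+diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c
+index b05e3075ce117fad17b87ffde257c80fc035b8c4..1a959d4cc45980fe5dd12db3460cc23f341466fd 100644
+--- a/src/providers/ldap/ldap_auth.c
++++ b/src/providers/ldap/ldap_auth.c
+@@ -557,6 +557,13 @@ static struct tevent_req *auth_send(TALLOC_CTX *memctx,
+req = tevent_req_create(memctx, &state, struct auth_state);
+if (!req) return NULL;
+
++ /* Treat a zero-length password as a failure */
++ if (password.length == 0) {
++ state->result = SDAP_AUTH_FAILED;
++ tevent_req_done(req);
++ return tevent_req_post(req, ev);
++ }
++
+state->ev = ev;
+state->ctx = ctx;
+state->username = username;
+--
+1.7.2.1
+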
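Review bot: The guard `if (password.length == 0)` in auth_send rejects only a blob whose length is exactly zero, so if any caller builds the password blob with the terminating NUL counted in `.length` (a blank password would then arrive as length 1), or passes `.data == NULL`, the unauthenticated simple bind this CVE is about is still reachable; the callers sit outside this hunk, so that convention should be confirmed and, if needed, the check widened to `if (password.length == 0 || password.data == NULL || password.data[0] == '\0')`. The early return also happens before `state->ev`, `state->ctx` and `state->username` are assigned, which is only safe if the matching recv function reads nothing but `state->result` (tevent_req_create presumably zero-fills the state, but that is inferred, not visible here); a comment such as `/* state fields stay unset: recv must only read state->result */` would make that dependency explicit. This guard also protects only this one entry point, so any other path in the LDAP provider that performs a simple bind with a caller-supplied password (for example a password-change flow binding with the old password) would need the same check or a shared helper. auth_send begins and ends outside this hunk.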
2
sources
2
sources
@ -1 +1 @@
|
||||
1bbdc5e9f61f3a83adc145d761fab83d sssd-1.2.91.tar.gz
|
||||
444b46e1b3900692b73652f168b9ad79 sssd-1.3.0.tar.gz
|
||||
|
11
sssd.spec
11
sssd.spec
@ -4,10 +4,10 @@
|
||||
%endif
|
||||
|
||||
Name: sssd
|
||||
Version: 1.2.91
|
||||
Version: 1.3.0
|
||||
#Never reset the Release, always increment it
|
||||
#Otherwise we can have issues if library versions do not change
|
||||
Release: 21%{?dist}
|
||||
Release: 30%{?dist}
|
||||
Group: Applications/System
|
||||
Summary: System Security Services Daemon
|
||||
License: GPLv3+
|
||||
@ -22,7 +22,7 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
|
||||
%global refarray_version 0.1.0
|
||||
|
||||
### Patches ###
|
||||
|
||||
Patch0001: 0001-Treat-a-zero-length-password-as-a-failure.patch
|
||||
|
||||
### Dependencies ###
|
||||
|
||||
@ -202,6 +202,7 @@ A dynamically-growing, reference-counted array
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0001 -p1
|
||||
|
||||
%build
|
||||
%configure \
|
||||
@ -459,6 +460,10 @@ fi
|
||||
%postun -n libref_array -p /sbin/ldconfig
|
||||
|
||||
%changelog
|
||||
* Tue Aug 24 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-30
|
||||
- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate
|
||||
- against LDAP
|
||||
|
||||
* Thu Jul 22 2010 David Malcolm <dmalcolm@redhat.com> - 1.2.91-21
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
|
||||
|
||||
|