diff options
| author | Sona Sarmadi <sona.sarmadi@enea.com> | 2017-08-29 10:31:19 +0200 |
|---|---|---|
| committer | Adrian Dudau <adrian.dudau@enea.com> | 2017-08-29 13:37:48 +0200 |
| commit | e3f32e1fc30aa34b0bfa73fc53231396220beb5b (patch) | |
| tree | f47981461438cd56a09e44f54c39bf8123ac537b | |
| parent | ad28b1279655db5b0986a8d7ca331358a3e363d1 (diff) | |
| download | meta-el-common-e3f32e1fc30aa34b0bfa73fc53231396220beb5b.tar.gz | |
shadow: fix for CVE-2016-6252
Integer overflow in shadow 4.2.1 allows local users to gain privileges via
crafted input to newuidmap.
References:
==========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6252
Upstream fix:
https://github.com/shadow-maint/shadow/commit/1d5a926cc2d6078d23a96222b1ef3e558724dad1
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
| -rw-r--r-- | recipes-extended/shadow/shadow/CVE-2016-6252.patch | 48 | ||||
| -rw-r--r-- | recipes-extended/shadow/shadow_%.bbappend | 5 |
2 files changed, 53 insertions, 0 deletions
diff --git a/recipes-extended/shadow/shadow/CVE-2016-6252.patch b/recipes-extended/shadow/shadow/CVE-2016-6252.patch new file mode 100644 index 0000000..6e05584 --- /dev/null +++ b/recipes-extended/shadow/shadow/CVE-2016-6252.patch | |||
| @@ -0,0 +1,48 @@ | |||
| 1 | From 1d5a926cc2d6078d23a96222b1ef3e558724dad1 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Sebastian Krahmer <krahmer@suse.com> | ||
| 3 | Date: Wed, 3 Aug 2016 11:51:07 -0500 | ||
| 4 | Subject: [PATCH] Simplify getulong | ||
| 5 | |||
| 6 | Use strtoul to read an unsigned long, rather than reading | ||
| 7 | a signed long long and casting it. | ||
| 8 | |||
| 9 | https://bugzilla.suse.com/show_bug.cgi?id=979282 | ||
| 10 | |||
| 11 | CVE: CVE-2016-6252 | ||
| 12 | Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/1d5a926cc2d6078d23a96222b1ef3e558724dad1] | ||
| 13 | |||
| 14 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
| 15 | --- | ||
| 16 | lib/getulong.c | 9 +++------ | ||
| 17 | 1 file changed, 3 insertions(+), 6 deletions(-) | ||
| 18 | |||
| 19 | diff --git a/lib/getulong.c b/lib/getulong.c | ||
| 20 | index 61579cae..08d2c1a8 100644 | ||
| 21 | --- a/lib/getulong.c | ||
| 22 | +++ b/lib/getulong.c | ||
| 23 | @@ -44,22 +44,19 @@ | ||
| 24 | */ | ||
| 25 | int getulong (const char *numstr, /*@out@*/unsigned long int *result) | ||
| 26 | { | ||
| 27 | - long long int val; | ||
| 28 | + unsigned long int val; | ||
| 29 | char *endptr; | ||
| 30 | |||
| 31 | errno = 0; | ||
| 32 | - val = strtoll (numstr, &endptr, 0); | ||
| 33 | + val = strtoul (numstr, &endptr, 0); | ||
| 34 | if ( ('\0' == *numstr) | ||
| 35 | || ('\0' != *endptr) | ||
| 36 | || (ERANGE == errno) | ||
| 37 | - /*@+ignoresigns@*/ | ||
| 38 | - || (val != (unsigned long int)val) | ||
| 39 | - /*@=ignoresigns@*/ | ||
| 40 | ) { | ||
| 41 | return 0; | ||
| 42 | } | ||
| 43 | |||
| 44 | - *result = (unsigned long int)val; | ||
| 45 | + *result = val; | ||
| 46 | return 1; | ||
| 47 | } | ||
| 48 | |||
diff --git a/recipes-extended/shadow/shadow_%.bbappend b/recipes-extended/shadow/shadow_%.bbappend new file mode 100644 index 0000000..4f04479 --- /dev/null +++ b/recipes-extended/shadow/shadow_%.bbappend | |||
| @@ -0,0 +1,5 @@ | |||
| 1 | # look for files in the layer first | ||
| 2 | FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" | ||
| 3 | |||
| 4 | SRC_URI += "file://CVE-2016-6252.patch \ | ||
| 5 | " | ||