summaryrefslogtreecommitdiffstats
path: root/meta/recipes-core
diff options
context:
space:
mode:
authorSaul Wold <sgw@linux.intel.com>2013-04-05 10:09:31 -0700
committerRichard Purdie <richard.purdie@linuxfoundation.org>2013-04-05 18:21:31 +0100
commit59c073514c01b018f6123bb177141888b6f8c8ee (patch)
tree904add4bd965c1f6fe148713e44cc6dc68dabdb9 /meta/recipes-core
parent04b799b3c8602aaf826d0ce1e42cb01d63e6c9e5 (diff)
downloadpoky-59c073514c01b018f6123bb177141888b6f8c8ee.tar.gz
tinylogin: fix segfault from crypt()
In glibc 2.17, crypt() now expects 2 valid chars for the seed or it will error out and return a NULL. The tinylogin code took the result from crypt directly into a strcmp() which caused a segfault Tinylogin has been deperacted, busybox now has login support, I will investigate using busybox login support for 1.5. [YOCTO #4097] (From OE-Core rev: 03034e0f5dff426ee7adaa2364082dd47c23260a) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core')
-rw-r--r--meta/recipes-core/tinylogin/tinylogin-1.4/glibc_crypt_fix.patch23
-rw-r--r--meta/recipes-core/tinylogin/tinylogin_1.4.bb4
2 files changed, 26 insertions, 1 deletions
diff --git a/meta/recipes-core/tinylogin/tinylogin-1.4/glibc_crypt_fix.patch b/meta/recipes-core/tinylogin/tinylogin-1.4/glibc_crypt_fix.patch
new file mode 100644
index 0000000000..0a24656d09
--- /dev/null
+++ b/meta/recipes-core/tinylogin/tinylogin-1.4/glibc_crypt_fix.patch
@@ -0,0 +1,23 @@
1
2staring from glibc 2.17 the crypt() function will error out and return
3NULL if the seed or "correct" is invalid. The failure case for this is
4an unknown user which tinylogin assigns '!' for the password. crypt()
5now expects a minimum of 2 valid characters. If we get a NULL return
6value from the crypt, assume we fail and return 0.
7
8Upstream-Status: Inappropriate [tinylogin depercated]
9Signed-off-by: Saul Wold <sgw@linux.intel.com>
10
11Index: tinylogin-1.4/libbb/correct_password.c
12===================================================================
13--- tinylogin-1.4.orig/libbb/correct_password.c
14+++ tinylogin-1.4/libbb/correct_password.c
15@@ -74,5 +74,8 @@ int correct_password ( const struct pass
16 }
17 encrypted = crypt ( unencrypted, correct );
18 memset ( unencrypted, 0, xstrlen ( unencrypted ));
19+ if ( !encrypted )
20+ return 0;
21+
22 return ( strcmp ( encrypted, correct ) == 0 ) ? 1 : 0;
23 }
diff --git a/meta/recipes-core/tinylogin/tinylogin_1.4.bb b/meta/recipes-core/tinylogin/tinylogin_1.4.bb
index aaed92aad2..6e08011004 100644
--- a/meta/recipes-core/tinylogin/tinylogin_1.4.bb
+++ b/meta/recipes-core/tinylogin/tinylogin_1.4.bb
@@ -18,7 +18,9 @@ SRC_URI = "http://www.angstrom-distribution.org/unstable/sources/tinylogin-${PV}
18 file://remove-index.patch \ 18 file://remove-index.patch \
19 file://use_O2_option.patch \ 19 file://use_O2_option.patch \
20 file://passwd_rotate_check.patch \ 20 file://passwd_rotate_check.patch \
21 file://avoid_static.patch" 21 file://avoid_static.patch \
22 file://glibc_crypt_fix.patch \
23 "
22 24
23SRC_URI[md5sum] = "44da0ff2b727455669890b24305e351d" 25SRC_URI[md5sum] = "44da0ff2b727455669890b24305e351d"
24SRC_URI[sha256sum] = "5e542e4b7825305a3678bf73136c392feb0d44b8bbf926e8eda5453eea7ddd6b" 26SRC_URI[sha256sum] = "5e542e4b7825305a3678bf73136c392feb0d44b8bbf926e8eda5453eea7ddd6b"