libpam: Fix the xtests/tst-pam_motd[1|3] failures

Reproducer: 1.Enable the ptest of libpam and build the image. 2.Boot the rootfs with nfs, then run the following tests as root: cd /usr/share/Linux-PAM/xtests /usr/share/Linux-PAM/xtests# ./run-xtests.sh . tst-pam_motd1 /usr/share/Linux-PAM/xtests# ./run-xtests.sh . tst-pam_motd3 After applying this patch, the ptest doesn't be failed. (From OE-Core rev: 549e54ad6a175359b0a57987ccdab8989df9d3a9) Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Zhixiong Chi <zhixiong.chi@windriver.com> 2023-04-12 02:58:05 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-04-14 16:44:24 +0100
commit: c9205c3bfd52e553b42ffe016e2d7c38a6899260 (patch)
tree: 668d97cd2884988f5d88275dcd437fa334d2630d /meta/recipes-extended/pam
parent: 493e0eae7f3125c340b920305f0ecaff41019384 (diff)
download: poky-c9205c3bfd52e553b42ffe016e2d7c38a6899260.tar.gz
2 files changed, 109 insertions, 0 deletions
diff --git a/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch b/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch
new file mode 100644
index 0000000000..94dcb04f0a
--- /dev/null
+++ b/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch
@@ -0,0 +1,108 @@
+From 42404548721c653317c911c83d885e2fc7fbca70 Mon Sep 17 00:00:00 2001
+From: Per Jessen <per@jessen.ch>
+Date: Fri, 22 Apr 2022 18:15:36 +0200
+Subject: [PATCH] pam_motd: do not rely on all filesystems providing a filetype
+When using scandir() to look for MOTD files to display, we wrongly
+relied on all filesystems providing a filetype.  This is a fix to divert
+to lstat() when we have no filetype.  To maintain MT safety, it isn't
+possible to use lstat() in the scandir() filter function, so all of the
+filtering has been moved to an additional loop after scanning all the
+motd dirs.
+Also, remove superfluous alphasort from scandir(), we are doing
+a qsort() later.
+Resolves: https://github.com/linux-pam/linux-pam/issues/455
+Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/42404548721c653317c911c83d885e2fc7fbca70]
+Signed-off-by: Per Jessen <per@jessen.ch>
+Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
+---
+ modules/pam_motd/pam_motd.c | 49 ++++++++++++++++++++++++++++++-------
+ 1 file changed, 40 insertions(+), 9 deletions(-)
+diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c
+index 6ac8cba2..5ca486e4 100644
+--- a/modules/pam_motd/pam_motd.c
+++ b/modules/pam_motd/pam_motd.c
+@@ -166,11 +166,6 @@ static int compare_strings(const void *a, const void *b)
+     }
+ }
+ 
+-static int filter_dirents(const struct dirent *d)
+-{
+-    return (d->d_type == DT_REG || d->d_type == DT_LNK);
+-}
+-
+ static void try_to_display_directories_with_overrides(pam_handle_t *pamh,
+        char **motd_dir_path_split, unsigned int num_motd_dirs, int report_missing)
+ {
+@@ -199,8 +194,7 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh,
+ 
+     for (i = 0; i < num_motd_dirs; i++) {
+        int rv;
+-       rv = scandir(motd_dir_path_split[i], &(dirscans[i]),
+-               filter_dirents, alphasort);
+       rv = scandir(motd_dir_path_split[i], &(dirscans[i]), NULL, NULL);
+        if (rv < 0) {
+            if (errno != ENOENT || report_missing) {
+                pam_syslog(pamh, LOG_ERR, "error scanning directory %s: %m",
+@@ -215,6 +209,41 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh,
+     if (dirscans_size_total == 0)
+         goto out;
+ 
+    /* filter out unwanted names, directories, and complement data with lstat() */
+    for (i = 0; i < num_motd_dirs; i++) {
+       struct dirent **d = dirscans[i];
+       for (unsigned int j = 0; j < dirscans_sizes[i]; j++) {
+           int rc;
+           char *fullpath;
+           struct stat s;
+
+           switch(d[j]->d_type) {    /* the filetype determines how to proceed */
+           case DT_REG:              /* regular files and     */
+           case DT_LNK:              /* symlinks              */
+               continue;             /* are good.             */
+           case DT_UNKNOWN:   /* for file systems that do not provide */
+                              /* a filetype, we use lstat()           */
+               if (join_dir_strings(&fullpath, motd_dir_path_split[i],
+                                    d[j]->d_name) <= 0)
+                   break;
+               rc = lstat(fullpath, &s);
+               _pam_drop(fullpath);  /* free the memory alloc'ed by join_dir_strings */
+               if (rc != 0)          /* if the lstat() somehow failed */
+                   break;
+
+               if (S_ISREG(s.st_mode) ||          /* regular files and  */
+                   S_ISLNK(s.st_mode)) continue;  /* symlinks are good  */
+               break;
+           case DT_DIR:          /* We don't want directories     */
+           default:              /* nor anything else             */
+               break;
+           }
+           _pam_drop(d[j]);  /* free memory                   */
+           d[j] = NULL;      /* indicate this one was dropped */
+           dirscans_size_total--;
+       }
+    }
+
+     /* Allocate space for all file names found in the directories, including duplicates. */
+     if ((dirnames_all = calloc(dirscans_size_total, sizeof(*dirnames_all))) == NULL) {
+        pam_syslog(pamh, LOG_CRIT, "failed to allocate dirname array");
+@@ -225,8 +254,10 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh,
+        unsigned int j;
+ 
+        for (j = 0; j < dirscans_sizes[i]; j++) {
+-           dirnames_all[i_dirnames] = dirscans[i][j]->d_name;
+-           i_dirnames++;
+           if (NULL != dirscans[i][j]) {
+               dirnames_all[i_dirnames] = dirscans[i][j]->d_name;
+               i_dirnames++;
+           }
+        }
+     }
+ 
+-- 
+2.39.0
diff --git a/meta/recipes-extended/pam/libpam_1.5.2.bb b/meta/recipes-extended/pam/libpam_1.5.2.bb
index 5197f18132..bec47ab836 100644
--- a/meta/recipes-extended/pam/libpam_1.5.2.bb
+++ b/meta/recipes-extended/pam/libpam_1.5.2.bb
@@ -25,6 +25,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/Linux-PAM-${PV}.tar.xz \
           file://run-ptest \
           file://pam-volatiles.conf \
           file://CVE-2022-28321-0002.patch \
+           file://0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch \
           "
 SRC_URI[sha256sum] = "e4ec7131a91da44512574268f493c6d8ca105c87091691b8e9b56ca685d4f94d"
author	Zhixiong Chi <zhixiong.chi@windriver.com>	2023-04-12 02:58:05 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2023-04-14 16:44:24 +0100
commit	c9205c3bfd52e553b42ffe016e2d7c38a6899260 (patch)
tree	668d97cd2884988f5d88275dcd437fa334d2630d /meta/recipes-extended/pam
parent	493e0eae7f3125c340b920305f0ecaff41019384 (diff)
download	poky-c9205c3bfd52e553b42ffe016e2d7c38a6899260.tar.gz

diff --git a/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch b/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch new file mode 100644 index 0000000000..94dcb04f0a --- /dev/null +++ b/meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch
@@ -0,0 +1,108 @@
		1	From 42404548721c653317c911c83d885e2fc7fbca70 Mon Sep 17 00:00:00 2001
		2	From: Per Jessen <per@jessen.ch>
		3	Date: Fri, 22 Apr 2022 18:15:36 +0200
		4	Subject: [PATCH] pam_motd: do not rely on all filesystems providing a filetype
		5
		6	When using scandir() to look for MOTD files to display, we wrongly
		7	relied on all filesystems providing a filetype. This is a fix to divert
		8	to lstat() when we have no filetype. To maintain MT safety, it isn't
		9	possible to use lstat() in the scandir() filter function, so all of the
		10	filtering has been moved to an additional loop after scanning all the
		11	motd dirs.
		12	Also, remove superfluous alphasort from scandir(), we are doing
		13	a qsort() later.
		14
		15	Resolves: https://github.com/linux-pam/linux-pam/issues/455
		16
		17	Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/42404548721c653317c911c83d885e2fc7fbca70]
		18
		19	Signed-off-by: Per Jessen <per@jessen.ch>
		20	Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
		21	---
		22	modules/pam_motd/pam_motd.c \| 49 ++++++++++++++++++++++++++++++-------
		23	1 file changed, 40 insertions(+), 9 deletions(-)
		24
		25	diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c
		26	index 6ac8cba2..5ca486e4 100644
		27	--- a/modules/pam_motd/pam_motd.c
		28	+++ b/modules/pam_motd/pam_motd.c
		29	@@ -166,11 +166,6 @@ static int compare_strings(const void a, const void b)
		30	}
		31	}
		32
		33	-static int filter_dirents(const struct dirent *d)
		34	-{
		35	- return (d->d_type == DT_REG \|\| d->d_type == DT_LNK);
		36	-}
		37	-
		38	static void try_to_display_directories_with_overrides(pam_handle_t *pamh,
		39	char **motd_dir_path_split, unsigned int num_motd_dirs, int report_missing)
		40	{
		41	@@ -199,8 +194,7 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh,
		42
		43	for (i = 0; i < num_motd_dirs; i++) {
		44	int rv;
		45	- rv = scandir(motd_dir_path_split[i], &(dirscans[i]),
		46	- filter_dirents, alphasort);
		47	+ rv = scandir(motd_dir_path_split[i], &(dirscans[i]), NULL, NULL);
		48	if (rv < 0) {
		49	if (errno != ENOENT \|\| report_missing) {
		50	pam_syslog(pamh, LOG_ERR, "error scanning directory %s: %m",
		51	@@ -215,6 +209,41 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh,
		52	if (dirscans_size_total == 0)
		53	goto out;
		54
		55	+ /* filter out unwanted names, directories, and complement data with lstat() */
		56	+ for (i = 0; i < num_motd_dirs; i++) {
		57	+ struct dirent **d = dirscans[i];
		58	+ for (unsigned int j = 0; j < dirscans_sizes[i]; j++) {
		59	+ int rc;
		60	+ char *fullpath;
		61	+ struct stat s;
		62	+
		63	+ switch(d[j]->d_type) { /* the filetype determines how to proceed */
		64	+ case DT_REG: /* regular files and */
		65	+ case DT_LNK: /* symlinks */
		66	+ continue; /* are good. */
		67	+ case DT_UNKNOWN: /* for file systems that do not provide */
		68	+ /* a filetype, we use lstat() */
		69	+ if (join_dir_strings(&fullpath, motd_dir_path_split[i],
		70	+ d[j]->d_name) <= 0)
		71	+ break;
		72	+ rc = lstat(fullpath, &s);
		73	+ _pam_drop(fullpath); /* free the memory alloc'ed by join_dir_strings */
		74	+ if (rc != 0) /* if the lstat() somehow failed */
		75	+ break;
		76	+
		77	+ if (S_ISREG(s.st_mode) \|\| /* regular files and */
		78	+ S_ISLNK(s.st_mode)) continue; /* symlinks are good */
		79	+ break;
		80	+ case DT_DIR: /* We don't want directories */
		81	+ default: /* nor anything else */
		82	+ break;
		83	+ }
		84	+ _pam_drop(d[j]); /* free memory */
		85	+ d[j] = NULL; /* indicate this one was dropped */
		86	+ dirscans_size_total--;
		87	+ }
		88	+ }
		89	+
		90	/* Allocate space for all file names found in the directories, including duplicates. */
		91	if ((dirnames_all = calloc(dirscans_size_total, sizeof(*dirnames_all))) == NULL) {
		92	pam_syslog(pamh, LOG_CRIT, "failed to allocate dirname array");
		93	@@ -225,8 +254,10 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh,
		94	unsigned int j;
		95
		96	for (j = 0; j < dirscans_sizes[i]; j++) {
		97	- dirnames_all[i_dirnames] = dirscans[i][j]->d_name;
		98	- i_dirnames++;
		99	+ if (NULL != dirscans[i][j]) {
		100	+ dirnames_all[i_dirnames] = dirscans[i][j]->d_name;
		101	+ i_dirnames++;
		102	+ }
		103	}
		104	}
		105
		106	--
		107	2.39.0
		108


diff --git a/meta/recipes-extended/pam/libpam_1.5.2.bb b/meta/recipes-extended/pam/libpam_1.5.2.bb index 5197f18132..bec47ab836 100644 --- a/meta/recipes-extended/pam/libpam_1.5.2.bb +++ b/meta/recipes-extended/pam/libpam_1.5.2.bb
@@ -25,6 +25,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/Linux-PAM-${PV}.tar.xz \
25	file://run-ptest \	25	file://run-ptest \
26	file://pam-volatiles.conf \	26	file://pam-volatiles.conf \
27	file://CVE-2022-28321-0002.patch \	27	file://CVE-2022-28321-0002.patch \
		28	file://0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch \
28	"	29	"
29		30
30	SRC_URI[sha256sum] = "e4ec7131a91da44512574268f493c6d8ca105c87091691b8e9b56ca685d4f94d"	31	SRC_URI[sha256sum] = "e4ec7131a91da44512574268f493c6d8ca105c87091691b8e9b56ca685d4f94d"