summaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/shadow/files
diff options
context:
space:
mode:
authorChen Qi <Qi.Chen@windriver.com>2017-08-16 18:28:10 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-08-18 10:40:26 +0100
commit1f9c9a288494dab303785414b75077b91301d293 (patch)
tree4a5b474ddcda460d4d9a6013ef63b54dcb568fa9 /meta/recipes-extended/shadow/files
parentaa4f7c8b142be76d77e172e83e1b176d83e050d4 (diff)
downloadpoky-1f9c9a288494dab303785414b75077b91301d293.tar.gz
shadow: fix CVE-2017-12424
Backport a patch to fix CVE-2017-12424. In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Reference link: https://nvd.nist.gov/vuln/detail/CVE-2017-12424 CVE: CVE-2017-12424 (From OE-Core rev: 896495d4d2a9751e6e013a3498293b2443d7d809) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/shadow/files')
-rw-r--r--meta/recipes-extended/shadow/files/0001-shadow-CVE-2017-1242446
1 files changed, 46 insertions, 0 deletions
diff --git a/meta/recipes-extended/shadow/files/0001-shadow-CVE-2017-12424 b/meta/recipes-extended/shadow/files/0001-shadow-CVE-2017-12424
new file mode 100644
index 0000000000..4d3e1e016c
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/0001-shadow-CVE-2017-12424
@@ -0,0 +1,46 @@
1From 954e3d2e7113e9ac06632aee3c69b8d818cc8952 Mon Sep 17 00:00:00 2001
2From: Tomas Mraz <tmraz@fedoraproject.org>
3Date: Fri, 31 Mar 2017 16:25:06 +0200
4Subject: [PATCH] Fix buffer overflow if NULL line is present in db.
5
6If ptr->line == NULL for an entry, the first cycle will exit,
7but the second one will happily write past entries buffer.
8We actually do not want to exit the first cycle prematurely
9on ptr->line == NULL.
10Signed-off-by: Tomas Mraz <tmraz@fedoraproject.org>
11
12CVE: CVE-2017-12424
13Upstream-Status: Backport
14Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
15---
16 lib/commonio.c | 8 ++++----
17 1 file changed, 4 insertions(+), 4 deletions(-)
18
19diff --git a/lib/commonio.c b/lib/commonio.c
20index b10da06..31edbaa 100644
21--- a/lib/commonio.c
22+++ b/lib/commonio.c
23@@ -751,16 +751,16 @@ commonio_sort (struct commonio_db *db, int (*cmp) (const void *, const void *))
24 for (ptr = db->head;
25 (NULL != ptr)
26 #if KEEP_NIS_AT_END
27- && (NULL != ptr->line)
28- && ( ('+' != ptr->line[0])
29- && ('-' != ptr->line[0]))
30+ && ((NULL == ptr->line)
31+ || (('+' != ptr->line[0])
32+ && ('-' != ptr->line[0])))
33 #endif
34 ;
35 ptr = ptr->next) {
36 n++;
37 }
38 #if KEEP_NIS_AT_END
39- if ((NULL != ptr) && (NULL != ptr->line)) {
40+ if (NULL != ptr) {
41 nis = ptr;
42 }
43 #endif
44--
452.1.0
46