diff options
author | Ross Burton <ross.burton@intel.com> | 2013-04-12 11:19:31 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2013-04-12 17:00:45 +0100 |
commit | bd25074178f20bf17cb02df949d2c42d8eaa678a (patch) | |
tree | f109d8e0777cc730132fb1e6019fb8ce3972063f /meta/recipes-extended/sudo | |
parent | 8e5c349156fd24c7f779ada29e2de018ad5b15f4 (diff) | |
download | poky-bd25074178f20bf17cb02df949d2c42d8eaa678a.tar.gz |
sudo: update crypt.patch to use backport from upstream
Upstream closed my bug and rewrote the patch, so update our patch with a
backport from upstream.
(From OE-Core rev: 31327bac1e5438a0041638332698a1e1e91640ba)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/sudo')
-rw-r--r-- | meta/recipes-extended/sudo/files/crypt.patch | 112 |
1 files changed, 94 insertions, 18 deletions
diff --git a/meta/recipes-extended/sudo/files/crypt.patch b/meta/recipes-extended/sudo/files/crypt.patch index 53a257f52c..d0622d372c 100644 --- a/meta/recipes-extended/sudo/files/crypt.patch +++ b/meta/recipes-extended/sudo/files/crypt.patch | |||
@@ -1,24 +1,100 @@ | |||
1 | Staring from glibc 2.17 the crypt() function will error out and return NULL if | 1 | Upstream-Status: Backport |
2 | the seed or "correct" is invalid. The failure case for this is the sudo user | ||
3 | having a locked account in /etc/shadow, so their password is "!", which is an | ||
4 | invalid hash. crypt() never returned NULL previously so this is crashing in | ||
5 | strcmp(). | ||
6 | |||
7 | Upstream-Status: Pending | ||
8 | Signed-off-by: Ross Burton <ross.burton@intel.com> | 2 | Signed-off-by: Ross Burton <ross.burton@intel.com> |
9 | 3 | ||
10 | Index: sudo-1.8.6p7/plugins/sudoers/auth/passwd.c | 4 | # HG changeset patch |
11 | =================================================================== | 5 | # User Todd C. Miller <Todd.Miller@courtesan.com> |
12 | --- sudo-1.8.6p7.orig/plugins/sudoers/auth/passwd.c 2013-04-11 15:26:28.456416867 +0100 | 6 | # Date 1365700240 14400 |
13 | +++ sudo-1.8.6p7/plugins/sudoers/auth/passwd.c 2013-04-11 15:31:31.156421718 +0100 | 7 | # Node ID 887b9df243df5254e56c467a016f1b0a7a8507dd |
14 | @@ -96,7 +96,9 @@ | 8 | # Parent fd7eda53cdd76aaf8336800c61005ae93de95ac7 |
9 | Check for crypt() returning NULL. Traditionally, crypt() never returned | ||
10 | NULL but newer versions of eglibc have a crypt() that does. Bug #598 | ||
11 | |||
12 | diff -r fd7eda53cdd7 -r 887b9df243df plugins/sudoers/auth/passwd.c | ||
13 | --- a/plugins/sudoers/auth/passwd.c Thu Apr 11 09:09:53 2013 -0400 | ||
14 | +++ b/plugins/sudoers/auth/passwd.c Thu Apr 11 13:10:40 2013 -0400 | ||
15 | @@ -68,15 +68,15 @@ | ||
16 | char sav, *epass; | ||
17 | char *pw_epasswd = auth->data; | ||
18 | size_t pw_len; | ||
19 | - int error; | ||
20 | + int matched = 0; | ||
21 | debug_decl(sudo_passwd_verify, SUDO_DEBUG_AUTH) | ||
22 | |||
23 | pw_len = strlen(pw_epasswd); | ||
24 | |||
25 | #ifdef HAVE_GETAUTHUID | ||
26 | /* Ultrix shadow passwords may use crypt16() */ | ||
27 | - error = strcmp(pw_epasswd, (char *) crypt16(pass, pw_epasswd)); | ||
28 | - if (!error) | ||
29 | + epass = (char *) crypt16(pass, pw_epasswd); | ||
30 | + if (epass != NULL && strcmp(pw_epasswd, epass) == 0) | ||
31 | debug_return_int(AUTH_SUCCESS); | ||
32 | #endif /* HAVE_GETAUTHUID */ | ||
33 | |||
34 | @@ -95,12 +95,14 @@ | ||
15 | */ | 35 | */ |
16 | epass = (char *) crypt(pass, pw_epasswd); | 36 | epass = (char *) crypt(pass, pw_epasswd); |
17 | pass[8] = sav; | 37 | pass[8] = sav; |
18 | - if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN) | 38 | - if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN) |
19 | + if (epass == NULL) | 39 | - error = strncmp(pw_epasswd, epass, DESLEN); |
20 | + error = AUTH_FAILURE; | 40 | - else |
21 | + else if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN) | 41 | - error = strcmp(pw_epasswd, epass); |
22 | error = strncmp(pw_epasswd, epass, DESLEN); | 42 | + if (epass != NULL) { |
23 | else | 43 | + if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN) |
24 | error = strcmp(pw_epasswd, epass); | 44 | + matched = !strncmp(pw_epasswd, epass, DESLEN); |
45 | + else | ||
46 | + matched = !strcmp(pw_epasswd, epass); | ||
47 | + } | ||
48 | |||
49 | - debug_return_int(error ? AUTH_FAILURE : AUTH_SUCCESS); | ||
50 | + debug_return_int(matched ? AUTH_SUCCESS : AUTH_FAILURE); | ||
51 | } | ||
52 | |||
53 | int | ||
54 | diff -r fd7eda53cdd7 -r 887b9df243df plugins/sudoers/auth/secureware.c | ||
55 | --- a/plugins/sudoers/auth/secureware.c Thu Apr 11 09:09:53 2013 -0400 | ||
56 | +++ b/plugins/sudoers/auth/secureware.c Thu Apr 11 13:10:40 2013 -0400 | ||
57 | @@ -73,30 +73,28 @@ | ||
58 | sudo_secureware_verify(struct passwd *pw, char *pass, sudo_auth *auth) | ||
59 | { | ||
60 | char *pw_epasswd = auth->data; | ||
61 | + char *epass = NULL; | ||
62 | debug_decl(sudo_secureware_verify, SUDO_DEBUG_AUTH) | ||
63 | #ifdef __alpha | ||
64 | { | ||
65 | extern int crypt_type; | ||
66 | |||
67 | -# ifdef HAVE_DISPCRYPT | ||
68 | - if (strcmp(pw_epasswd, dispcrypt(pass, pw_epasswd, crypt_type)) == 0) | ||
69 | - debug_return_int(AUTH_SUCCESS); | ||
70 | -# else | ||
71 | - if (crypt_type == AUTH_CRYPT_BIGCRYPT) { | ||
72 | - if (strcmp(pw_epasswd, bigcrypt(pass, pw_epasswd)) == 0) | ||
73 | - debug_return_int(AUTH_SUCCESS); | ||
74 | - } else if (crypt_type == AUTH_CRYPT_CRYPT16) { | ||
75 | - if (strcmp(pw_epasswd, crypt(pass, pw_epasswd)) == 0) | ||
76 | - debug_return_int(AUTH_SUCCESS); | ||
77 | - } | ||
78 | +# ifdef HAVE_DISPCRYPT | ||
79 | + epass = dispcrypt(pass, pw_epasswd, crypt_type); | ||
80 | +# else | ||
81 | + if (crypt_type == AUTH_CRYPT_BIGCRYPT) | ||
82 | + epass = bigcrypt(pass, pw_epasswd); | ||
83 | + else if (crypt_type == AUTH_CRYPT_CRYPT16) | ||
84 | + epass = crypt(pass, pw_epasswd); | ||
85 | } | ||
86 | -# endif /* HAVE_DISPCRYPT */ | ||
87 | +# endif /* HAVE_DISPCRYPT */ | ||
88 | #elif defined(HAVE_BIGCRYPT) | ||
89 | - if (strcmp(pw_epasswd, bigcrypt(pass, pw_epasswd)) == 0) | ||
90 | - debug_return_int(AUTH_SUCCESS); | ||
91 | + epass = bigcrypt(pass, pw_epasswd); | ||
92 | #endif /* __alpha */ | ||
93 | |||
94 | - debug_return_int(AUTH_FAILURE); | ||
95 | + if (epass != NULL && strcmp(pw_epasswd, epass) == 0) | ||
96 | + debug_return_int(AUTH_SUCCESS); | ||
97 | + debug_return_int(AUTH_FAILURE); | ||
98 | } | ||
99 | |||
100 | int | ||