summaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/sudo
diff options
context:
space:
mode:
authorRoss Burton <ross.burton@intel.com>2013-04-12 11:19:31 +0100
committerRichard Purdie <richard.purdie@linuxfoundation.org>2013-04-12 17:00:45 +0100
commitbd25074178f20bf17cb02df949d2c42d8eaa678a (patch)
treef109d8e0777cc730132fb1e6019fb8ce3972063f /meta/recipes-extended/sudo
parent8e5c349156fd24c7f779ada29e2de018ad5b15f4 (diff)
downloadpoky-bd25074178f20bf17cb02df949d2c42d8eaa678a.tar.gz
sudo: update crypt.patch to use backport from upstream
Upstream closed my bug and rewrote the patch, so update our patch with a backport from upstream. (From OE-Core rev: 31327bac1e5438a0041638332698a1e1e91640ba) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/sudo')
-rw-r--r--meta/recipes-extended/sudo/files/crypt.patch112
1 files changed, 94 insertions, 18 deletions
diff --git a/meta/recipes-extended/sudo/files/crypt.patch b/meta/recipes-extended/sudo/files/crypt.patch
index 53a257f52c..d0622d372c 100644
--- a/meta/recipes-extended/sudo/files/crypt.patch
+++ b/meta/recipes-extended/sudo/files/crypt.patch
@@ -1,24 +1,100 @@
1Staring from glibc 2.17 the crypt() function will error out and return NULL if 1Upstream-Status: Backport
2the seed or "correct" is invalid. The failure case for this is the sudo user
3having a locked account in /etc/shadow, so their password is "!", which is an
4invalid hash. crypt() never returned NULL previously so this is crashing in
5strcmp().
6
7Upstream-Status: Pending
8Signed-off-by: Ross Burton <ross.burton@intel.com> 2Signed-off-by: Ross Burton <ross.burton@intel.com>
9 3
10Index: sudo-1.8.6p7/plugins/sudoers/auth/passwd.c 4# HG changeset patch
11=================================================================== 5# User Todd C. Miller <Todd.Miller@courtesan.com>
12--- sudo-1.8.6p7.orig/plugins/sudoers/auth/passwd.c 2013-04-11 15:26:28.456416867 +0100 6# Date 1365700240 14400
13+++ sudo-1.8.6p7/plugins/sudoers/auth/passwd.c 2013-04-11 15:31:31.156421718 +0100 7# Node ID 887b9df243df5254e56c467a016f1b0a7a8507dd
14@@ -96,7 +96,9 @@ 8# Parent fd7eda53cdd76aaf8336800c61005ae93de95ac7
9Check for crypt() returning NULL. Traditionally, crypt() never returned
10NULL but newer versions of eglibc have a crypt() that does. Bug #598
11
12diff -r fd7eda53cdd7 -r 887b9df243df plugins/sudoers/auth/passwd.c
13--- a/plugins/sudoers/auth/passwd.c Thu Apr 11 09:09:53 2013 -0400
14+++ b/plugins/sudoers/auth/passwd.c Thu Apr 11 13:10:40 2013 -0400
15@@ -68,15 +68,15 @@
16 char sav, *epass;
17 char *pw_epasswd = auth->data;
18 size_t pw_len;
19- int error;
20+ int matched = 0;
21 debug_decl(sudo_passwd_verify, SUDO_DEBUG_AUTH)
22
23 pw_len = strlen(pw_epasswd);
24
25 #ifdef HAVE_GETAUTHUID
26 /* Ultrix shadow passwords may use crypt16() */
27- error = strcmp(pw_epasswd, (char *) crypt16(pass, pw_epasswd));
28- if (!error)
29+ epass = (char *) crypt16(pass, pw_epasswd);
30+ if (epass != NULL && strcmp(pw_epasswd, epass) == 0)
31 debug_return_int(AUTH_SUCCESS);
32 #endif /* HAVE_GETAUTHUID */
33
34@@ -95,12 +95,14 @@
15 */ 35 */
16 epass = (char *) crypt(pass, pw_epasswd); 36 epass = (char *) crypt(pass, pw_epasswd);
17 pass[8] = sav; 37 pass[8] = sav;
18- if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN) 38- if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)
19+ if (epass == NULL) 39- error = strncmp(pw_epasswd, epass, DESLEN);
20+ error = AUTH_FAILURE; 40- else
21+ else if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN) 41- error = strcmp(pw_epasswd, epass);
22 error = strncmp(pw_epasswd, epass, DESLEN); 42+ if (epass != NULL) {
23 else 43+ if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)
24 error = strcmp(pw_epasswd, epass); 44+ matched = !strncmp(pw_epasswd, epass, DESLEN);
45+ else
46+ matched = !strcmp(pw_epasswd, epass);
47+ }
48
49- debug_return_int(error ? AUTH_FAILURE : AUTH_SUCCESS);
50+ debug_return_int(matched ? AUTH_SUCCESS : AUTH_FAILURE);
51 }
52
53 int
54diff -r fd7eda53cdd7 -r 887b9df243df plugins/sudoers/auth/secureware.c
55--- a/plugins/sudoers/auth/secureware.c Thu Apr 11 09:09:53 2013 -0400
56+++ b/plugins/sudoers/auth/secureware.c Thu Apr 11 13:10:40 2013 -0400
57@@ -73,30 +73,28 @@
58 sudo_secureware_verify(struct passwd *pw, char *pass, sudo_auth *auth)
59 {
60 char *pw_epasswd = auth->data;
61+ char *epass = NULL;
62 debug_decl(sudo_secureware_verify, SUDO_DEBUG_AUTH)
63 #ifdef __alpha
64 {
65 extern int crypt_type;
66
67-# ifdef HAVE_DISPCRYPT
68- if (strcmp(pw_epasswd, dispcrypt(pass, pw_epasswd, crypt_type)) == 0)
69- debug_return_int(AUTH_SUCCESS);
70-# else
71- if (crypt_type == AUTH_CRYPT_BIGCRYPT) {
72- if (strcmp(pw_epasswd, bigcrypt(pass, pw_epasswd)) == 0)
73- debug_return_int(AUTH_SUCCESS);
74- } else if (crypt_type == AUTH_CRYPT_CRYPT16) {
75- if (strcmp(pw_epasswd, crypt(pass, pw_epasswd)) == 0)
76- debug_return_int(AUTH_SUCCESS);
77- }
78+# ifdef HAVE_DISPCRYPT
79+ epass = dispcrypt(pass, pw_epasswd, crypt_type);
80+# else
81+ if (crypt_type == AUTH_CRYPT_BIGCRYPT)
82+ epass = bigcrypt(pass, pw_epasswd);
83+ else if (crypt_type == AUTH_CRYPT_CRYPT16)
84+ epass = crypt(pass, pw_epasswd);
85 }
86-# endif /* HAVE_DISPCRYPT */
87+# endif /* HAVE_DISPCRYPT */
88 #elif defined(HAVE_BIGCRYPT)
89- if (strcmp(pw_epasswd, bigcrypt(pass, pw_epasswd)) == 0)
90- debug_return_int(AUTH_SUCCESS);
91+ epass = bigcrypt(pass, pw_epasswd);
92 #endif /* __alpha */
93
94- debug_return_int(AUTH_FAILURE);
95+ if (epass != NULL && strcmp(pw_epasswd, epass) == 0)
96+ debug_return_int(AUTH_SUCCESS);
97+ debug_return_int(AUTH_FAILURE);
98 }
99
100 int