1 files changed, 63 insertions, 0 deletions
diff --git a/meta/recipes-extended/pam/libpam/add-checks-for-crypt-returning-NULL.patch b/meta/recipes-extended/pam/libpam/add-checks-for-crypt-returning-NULL.patch
new file mode 100644
index 0000000000..d364cea97e
--- /dev/null
+++ b/meta/recipes-extended/pam/libpam/add-checks-for-crypt-returning-NULL.patch
@@ -0,0 +1,63 @@
+Backport from linux-pam git repo.
+[YOCTO #4107]
+Upstream-Status: Backport
+Signed-off-by: Kang Kai <kai.kang@windriver.com>
+From 8dc056c1c8bc7acb66c4decc49add2c3a24e6310 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Fri, 8 Feb 2013 15:04:26 +0100
+Subject: [PATCH] Add checks for crypt() returning NULL.
+modules/pam_pwhistory/opasswd.c (compare_password): Add check for crypt() NULL return.
+modules/pam_unix/bigcrypt.c (bigcrypt): Likewise.
+---
+ modules/pam_pwhistory/opasswd.c |    2 +-
+ modules/pam_unix/bigcrypt.c     |    9 +++++++++
+ 2 files changed, 10 insertions(+), 1 deletions(-)
+diff --git a/modules/pam_pwhistory/opasswd.c b/modules/pam_pwhistory/opasswd.c
+index 274fdb9..836d713 100644
+--- a/modules/pam_pwhistory/opasswd.c
+++ b/modules/pam_pwhistory/opasswd.c
+@@ -108,7 +108,7 @@ compare_password(const char *newpass, const char *oldpass)
+   outval = crypt (newpass, oldpass);
+ #endif
+ 
+-  return strcmp(outval, oldpass) == 0;
+  return outval != NULL && strcmp(outval, oldpass) == 0;
+ }
+ 
+ /* Check, if the new password is already in the opasswd file.  */
+diff --git a/modules/pam_unix/bigcrypt.c b/modules/pam_unix/bigcrypt.c
+index e10d1c5..e1d57a0 100644
+--- a/modules/pam_unix/bigcrypt.c
+++ b/modules/pam_unix/bigcrypt.c
+@@ -109,6 +109,10 @@ char *bigcrypt(const char *key, const char *salt)
+ #else
+        tmp_ptr = crypt(plaintext_ptr, salt);   /* libc crypt() */
+ #endif
+       if (tmp_ptr == NULL) {
+               free(dec_c2_cryptbuf);
+               return NULL;
+       }
+        /* and place in the static area */
+        strncpy(cipher_ptr, tmp_ptr, 13);
+        cipher_ptr += ESEGMENT_SIZE + SALT_SIZE;
+@@ -130,6 +134,11 @@ char *bigcrypt(const char *key, const char *salt)
+ #else
+                        tmp_ptr = crypt(plaintext_ptr, salt_ptr);
+ #endif
+                       if (tmp_ptr == NULL) {
+                               _pam_overwrite(dec_c2_cryptbuf);
+                               free(dec_c2_cryptbuf);
+                               return NULL;
+                       }
+ 
+                        /* skip the salt for seg!=0 */
+                        strncpy(cipher_ptr, (tmp_ptr + SALT_SIZE), ESEGMENT_SIZE);
+-- 
+1.7.5.4

diff --git a/meta/recipes-extended/pam/libpam/add-checks-for-crypt-returning-NULL.patch b/meta/recipes-extended/pam/libpam/add-checks-for-crypt-returning-NULL.patch new file mode 100644 index 0000000000..d364cea97e --- /dev/null +++ b/meta/recipes-extended/pam/libpam/add-checks-for-crypt-returning-NULL.patch
@@ -0,0 +1,63 @@
	1	Backport from linux-pam git repo.
	2
	3	[YOCTO #4107]
	4
	5	Upstream-Status: Backport
	6
	7	Signed-off-by: Kang Kai <kai.kang@windriver.com>
	8
	9	From 8dc056c1c8bc7acb66c4decc49add2c3a24e6310 Mon Sep 17 00:00:00 2001
	10	From: Tomas Mraz <tmraz@fedoraproject.org>
	11	Date: Fri, 8 Feb 2013 15:04:26 +0100
	12	Subject: [PATCH] Add checks for crypt() returning NULL.
	13
	14	modules/pam_pwhistory/opasswd.c (compare_password): Add check for crypt() NULL return.
	15	modules/pam_unix/bigcrypt.c (bigcrypt): Likewise.
	16	---
	17	modules/pam_pwhistory/opasswd.c \| 2 +-
	18	modules/pam_unix/bigcrypt.c \| 9 +++++++++
	19	2 files changed, 10 insertions(+), 1 deletions(-)
	20
	21	diff --git a/modules/pam_pwhistory/opasswd.c b/modules/pam_pwhistory/opasswd.c
	22	index 274fdb9..836d713 100644
	23	--- a/modules/pam_pwhistory/opasswd.c
	24	+++ b/modules/pam_pwhistory/opasswd.c
	25	@@ -108,7 +108,7 @@ compare_password(const char newpass, const char oldpass)
	26	outval = crypt (newpass, oldpass);
	27	#endif
	28
	29	- return strcmp(outval, oldpass) == 0;
	30	+ return outval != NULL && strcmp(outval, oldpass) == 0;
	31	}
	32
	33	/* Check, if the new password is already in the opasswd file. */
	34	diff --git a/modules/pam_unix/bigcrypt.c b/modules/pam_unix/bigcrypt.c
	35	index e10d1c5..e1d57a0 100644
	36	--- a/modules/pam_unix/bigcrypt.c
	37	+++ b/modules/pam_unix/bigcrypt.c
	38	@@ -109,6 +109,10 @@ char bigcrypt(const char key, const char *salt)
	39	#else
	40	tmp_ptr = crypt(plaintext_ptr, salt); /* libc crypt() */
	41	#endif
	42	+ if (tmp_ptr == NULL) {
	43	+ free(dec_c2_cryptbuf);
	44	+ return NULL;
	45	+ }
	46	/* and place in the static area */
	47	strncpy(cipher_ptr, tmp_ptr, 13);
	48	cipher_ptr += ESEGMENT_SIZE + SALT_SIZE;
	49	@@ -130,6 +134,11 @@ char bigcrypt(const char key, const char *salt)
	50	#else
	51	tmp_ptr = crypt(plaintext_ptr, salt_ptr);
	52	#endif
	53	+ if (tmp_ptr == NULL) {
	54	+ _pam_overwrite(dec_c2_cryptbuf);
	55	+ free(dec_c2_cryptbuf);
	56	+ return NULL;
	57	+ }
	58
	59	/* skip the salt for seg!=0 */
	60	strncpy(cipher_ptr, (tmp_ptr + SALT_SIZE), ESEGMENT_SIZE);
	61	--
	62	1.7.5.4
	63