diff options
Diffstat (limited to 'meta/recipes-extended/pam/libpam/add-checks-for-crypt-returning-NULL.patch')
-rw-r--r-- | meta/recipes-extended/pam/libpam/add-checks-for-crypt-returning-NULL.patch | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/meta/recipes-extended/pam/libpam/add-checks-for-crypt-returning-NULL.patch b/meta/recipes-extended/pam/libpam/add-checks-for-crypt-returning-NULL.patch new file mode 100644 index 0000000000..d364cea97e --- /dev/null +++ b/meta/recipes-extended/pam/libpam/add-checks-for-crypt-returning-NULL.patch | |||
@@ -0,0 +1,63 @@ | |||
1 | Backport from linux-pam git repo. | ||
2 | |||
3 | [YOCTO #4107] | ||
4 | |||
5 | Upstream-Status: Backport | ||
6 | |||
7 | Signed-off-by: Kang Kai <kai.kang@windriver.com> | ||
8 | |||
9 | From 8dc056c1c8bc7acb66c4decc49add2c3a24e6310 Mon Sep 17 00:00:00 2001 | ||
10 | From: Tomas Mraz <tmraz@fedoraproject.org> | ||
11 | Date: Fri, 8 Feb 2013 15:04:26 +0100 | ||
12 | Subject: [PATCH] Add checks for crypt() returning NULL. | ||
13 | |||
14 | modules/pam_pwhistory/opasswd.c (compare_password): Add check for crypt() NULL return. | ||
15 | modules/pam_unix/bigcrypt.c (bigcrypt): Likewise. | ||
16 | --- | ||
17 | modules/pam_pwhistory/opasswd.c | 2 +- | ||
18 | modules/pam_unix/bigcrypt.c | 9 +++++++++ | ||
19 | 2 files changed, 10 insertions(+), 1 deletions(-) | ||
20 | |||
21 | diff --git a/modules/pam_pwhistory/opasswd.c b/modules/pam_pwhistory/opasswd.c | ||
22 | index 274fdb9..836d713 100644 | ||
23 | --- a/modules/pam_pwhistory/opasswd.c | ||
24 | +++ b/modules/pam_pwhistory/opasswd.c | ||
25 | @@ -108,7 +108,7 @@ compare_password(const char *newpass, const char *oldpass) | ||
26 | outval = crypt (newpass, oldpass); | ||
27 | #endif | ||
28 | |||
29 | - return strcmp(outval, oldpass) == 0; | ||
30 | + return outval != NULL && strcmp(outval, oldpass) == 0; | ||
31 | } | ||
32 | |||
33 | /* Check, if the new password is already in the opasswd file. */ | ||
34 | diff --git a/modules/pam_unix/bigcrypt.c b/modules/pam_unix/bigcrypt.c | ||
35 | index e10d1c5..e1d57a0 100644 | ||
36 | --- a/modules/pam_unix/bigcrypt.c | ||
37 | +++ b/modules/pam_unix/bigcrypt.c | ||
38 | @@ -109,6 +109,10 @@ char *bigcrypt(const char *key, const char *salt) | ||
39 | #else | ||
40 | tmp_ptr = crypt(plaintext_ptr, salt); /* libc crypt() */ | ||
41 | #endif | ||
42 | + if (tmp_ptr == NULL) { | ||
43 | + free(dec_c2_cryptbuf); | ||
44 | + return NULL; | ||
45 | + } | ||
46 | /* and place in the static area */ | ||
47 | strncpy(cipher_ptr, tmp_ptr, 13); | ||
48 | cipher_ptr += ESEGMENT_SIZE + SALT_SIZE; | ||
49 | @@ -130,6 +134,11 @@ char *bigcrypt(const char *key, const char *salt) | ||
50 | #else | ||
51 | tmp_ptr = crypt(plaintext_ptr, salt_ptr); | ||
52 | #endif | ||
53 | + if (tmp_ptr == NULL) { | ||
54 | + _pam_overwrite(dec_c2_cryptbuf); | ||
55 | + free(dec_c2_cryptbuf); | ||
56 | + return NULL; | ||
57 | + } | ||
58 | |||
59 | /* skip the salt for seg!=0 */ | ||
60 | strncpy(cipher_ptr, (tmp_ptr + SALT_SIZE), ESEGMENT_SIZE); | ||
61 | -- | ||
62 | 1.7.5.4 | ||
63 | |||