1 files changed, 46 insertions, 0 deletions
diff --git a/meta/recipes-extended/shadow/files/0001-shadow-CVE-2017-12424 b/meta/recipes-extended/shadow/files/0001-shadow-CVE-2017-12424
new file mode 100644
index 0000000000..4d3e1e016c
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/0001-shadow-CVE-2017-12424
@@ -0,0 +1,46 @@
+From 954e3d2e7113e9ac06632aee3c69b8d818cc8952 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Fri, 31 Mar 2017 16:25:06 +0200
+Subject: [PATCH] Fix buffer overflow if NULL line is present in db.
+If ptr->line == NULL for an entry, the first cycle will exit,
+but the second one will happily write past entries buffer.
+We actually do not want to exit the first cycle prematurely
+on ptr->line == NULL.
+Signed-off-by: Tomas Mraz <tmraz@fedoraproject.org>
+CVE: CVE-2017-12424
+Upstream-Status: Backport
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ lib/commonio.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+diff --git a/lib/commonio.c b/lib/commonio.c
+index b10da06..31edbaa 100644
+--- a/lib/commonio.c
+++ b/lib/commonio.c
+@@ -751,16 +751,16 @@ commonio_sort (struct commonio_db *db, int (*cmp) (const void *, const void *))
+        for (ptr = db->head;
+                (NULL != ptr)
+ #if KEEP_NIS_AT_END
+-            && (NULL != ptr->line)
+-            && (   ('+' != ptr->line[0])
+-                && ('-' != ptr->line[0]))
+            && ((NULL == ptr->line)
+                || (('+' != ptr->line[0])
+                    && ('-' != ptr->line[0])))
+ #endif
+             ;
+             ptr = ptr->next) {
+                n++;
+        }
+ #if KEEP_NIS_AT_END
+-       if ((NULL != ptr) && (NULL != ptr->line)) {
+       if (NULL != ptr) {
+                nis = ptr;
+        }
+ #endif
+-- 
+2.1.0

diff --git a/meta/recipes-extended/shadow/files/0001-shadow-CVE-2017-12424 b/meta/recipes-extended/shadow/files/0001-shadow-CVE-2017-12424 new file mode 100644 index 0000000000..4d3e1e016c --- /dev/null +++ b/meta/recipes-extended/shadow/files/0001-shadow-CVE-2017-12424
@@ -0,0 +1,46 @@
	1	From 954e3d2e7113e9ac06632aee3c69b8d818cc8952 Mon Sep 17 00:00:00 2001
	2	From: Tomas Mraz <tmraz@fedoraproject.org>
	3	Date: Fri, 31 Mar 2017 16:25:06 +0200
	4	Subject: [PATCH] Fix buffer overflow if NULL line is present in db.
	5
	6	If ptr->line == NULL for an entry, the first cycle will exit,
	7	but the second one will happily write past entries buffer.
	8	We actually do not want to exit the first cycle prematurely
	9	on ptr->line == NULL.
	10	Signed-off-by: Tomas Mraz <tmraz@fedoraproject.org>
	11
	12	CVE: CVE-2017-12424
	13	Upstream-Status: Backport
	14	Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
	15	---
	16	lib/commonio.c \| 8 ++++----
	17	1 file changed, 4 insertions(+), 4 deletions(-)
	18
	19	diff --git a/lib/commonio.c b/lib/commonio.c
	20	index b10da06..31edbaa 100644
	21	--- a/lib/commonio.c
	22	+++ b/lib/commonio.c
	23	@@ -751,16 +751,16 @@ commonio_sort (struct commonio_db db, int (cmp) (const void , const void ))
	24	for (ptr = db->head;
	25	(NULL != ptr)
	26	#if KEEP_NIS_AT_END
	27	- && (NULL != ptr->line)
	28	- && ( ('+' != ptr->line[0])
	29	- && ('-' != ptr->line[0]))
	30	+ && ((NULL == ptr->line)
	31	+ \|\| (('+' != ptr->line[0])
	32	+ && ('-' != ptr->line[0])))
	33	#endif
	34	;
	35	ptr = ptr->next) {
	36	n++;
	37	}
	38	#if KEEP_NIS_AT_END
	39	- if ((NULL != ptr) && (NULL != ptr->line)) {
	40	+ if (NULL != ptr) {
	41	nis = ptr;
	42	}
	43	#endif
	44	--
	45	2.1.0
	46