From 2d94f1bde7c63b56b33bef34573211ecbeffaf44 Mon Sep 17 00:00:00 2001
From: Ross Burton
Date: Thu, 11 Apr 2013 15:57:58 +0100
Subject: sudo: handle glibc 2.17 crypt semantics
Staring from glibc 2.17 the crypt() function will error out and return NULL if the seed or "correct" is invalid. The failure case for this is the sudo user having a locked account in /etc/shadow, so their password is "!", which is an invalid hash. crypt() never returned NULL previously so this is crashing in strcmp().
[ YOCTO #4241 ]
(From OE-Core rev: 06d7078f7631b92e8b789f8e94a3a346d8181ce6)
Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
---
meta/recipes-extended/sudo/files/crypt.patch | 24 ++++++++++++++++++++++++
meta/recipes-extended/sudo/sudo_1.8.6p7.bb | 1 +
2 files changed, 25 insertions(+)
create mode 100644 meta/recipes-extended/sudo/files/crypt.patch
(limited to 'meta/recipes-extended/sudo')
diff --git a/meta/recipes-extended/sudo/files/crypt.patch b/meta/recipes-extended/sudo/files/crypt.patch
new file mode 100644
index 0000000000..53a257f52c
--- /dev/null
+++ b/meta/recipes-extended/sudo/files/crypt.patch
@@ -0,0 +1,24 @@
+Staring from glibc 2.17 the crypt() function will error out and return NULL if
+the seed or "correct" is invalid. The failure case for this is the sudo user
+having a locked account in /etc/shadow, so their password is "!", which is an
+invalid hash. crypt() never returned NULL previously so this is crashing in
+strcmp().
+
+Upstream-Status: Pending
+Signed-off-by: Ross Burton
+
+Index: sudo-1.8.6p7/plugins/sudoers/auth/passwd.c
+===================================================================
+--- sudo-1.8.6p7.orig/plugins/sudoers/auth/passwd.c 2013-04-11 15:26:28.456416867 +0100
++++ sudo-1.8.6p7/plugins/sudoers/auth/passwd.c 2013-04-11 15:31:31.156421718 +0100
+@@ -96,7 +96,9 @@
+ */
+ epass = (char *) crypt(pass, pw_epasswd);
+ pass[8] = sav;
+- if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)
++ if (epass == NULL)
++ error = AUTH_FAILURE;
++ else if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)
+ error = strncmp(pw_epasswd, epass, DESLEN);
+ else
+ error = strcmp(pw_epasswd, epass);
diff --git a/meta/recipes-extended/sudo/sudo_1.8.6p7.bb b/meta/recipes-extended/sudo/sudo_1.8.6p7.bb
index b79d0d58d8..7198fd3c14 100644
--- a/meta/recipes-extended/sudo/sudo_1.8.6p7.bb
+++ b/meta/recipes-extended/sudo/sudo_1.8.6p7.bb
@@ -4,6 +4,7 @@ PR = "r0" SRC_URI = "http://ftp.sudo.ws/sudo/dist/sudo-${PV}.tar.gz \ file://libtool.patch \ + file://crypt.patch \ ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)}" PAM_SRC_URI = "file://sudo.pam"
-- cgit v1.2.3-54-g00ecf
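Review bot: In the inner passwd.c hunk, `error = AUTH_FAILURE;` stores an auth status constant in a variable whose other two branches hold a strncmp()/strcmp() result. The NULL path therefore only denies access if AUTH_FAILURE is non-zero and the code after the hunk treats any non-zero `error` as a mismatch; that is presumably the case, but neither is visible here, since the enclosing function starts and ends outside the hunk. Using `error = 1;` would keep the variable's meaning uniform, and a comment such as `/* crypt() returns NULL on an invalid salt (e.g. a locked "!" entry) since glibc 2.17; treat as a mismatch */` would record why the check must fail closed. Any other crypt() callers in the sudoers auth code are not covered by this patch and would be worth checking for the same unchecked NULL before the patch goes upstream.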