summaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/sudo/files/crypt.patch
blob: d0622d372ce7a478e2a5ef6cb04d9cbb66029161 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
Upstream-Status: Backport
Signed-off-by: Ross Burton <ross.burton@intel.com>

# HG changeset patch
# User Todd C. Miller <Todd.Miller@courtesan.com>
# Date 1365700240 14400
# Node ID 887b9df243df5254e56c467a016f1b0a7a8507dd
# Parent  fd7eda53cdd76aaf8336800c61005ae93de95ac7
Check for crypt() returning NULL.  Traditionally, crypt() never returned
NULL but newer versions of eglibc have a crypt() that does.  Bug #598

diff -r fd7eda53cdd7 -r 887b9df243df plugins/sudoers/auth/passwd.c
--- a/plugins/sudoers/auth/passwd.c	Thu Apr 11 09:09:53 2013 -0400
+++ b/plugins/sudoers/auth/passwd.c	Thu Apr 11 13:10:40 2013 -0400
@@ -68,15 +68,15 @@
     char sav, *epass;
     char *pw_epasswd = auth->data;
     size_t pw_len;
-    int error;
+    int matched = 0;
     debug_decl(sudo_passwd_verify, SUDO_DEBUG_AUTH)
 
     pw_len = strlen(pw_epasswd);
 
 #ifdef HAVE_GETAUTHUID
     /* Ultrix shadow passwords may use crypt16() */
-    error = strcmp(pw_epasswd, (char *) crypt16(pass, pw_epasswd));
-    if (!error)
+    epass = (char *) crypt16(pass, pw_epasswd);
+    if (epass != NULL && strcmp(pw_epasswd, epass) == 0)
 	debug_return_int(AUTH_SUCCESS);
 #endif /* HAVE_GETAUTHUID */
 
@@ -95,12 +95,14 @@
      */
     epass = (char *) crypt(pass, pw_epasswd);
     pass[8] = sav;
-    if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)
-	error = strncmp(pw_epasswd, epass, DESLEN);
-    else
-	error = strcmp(pw_epasswd, epass);
+    if (epass != NULL) {
+	if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)
+	    matched = !strncmp(pw_epasswd, epass, DESLEN);
+	else
+	    matched = !strcmp(pw_epasswd, epass);
+    }
 
-    debug_return_int(error ? AUTH_FAILURE : AUTH_SUCCESS);
+    debug_return_int(matched ? AUTH_SUCCESS : AUTH_FAILURE);
 }
 
 int
diff -r fd7eda53cdd7 -r 887b9df243df plugins/sudoers/auth/secureware.c
--- a/plugins/sudoers/auth/secureware.c	Thu Apr 11 09:09:53 2013 -0400
+++ b/plugins/sudoers/auth/secureware.c	Thu Apr 11 13:10:40 2013 -0400
@@ -73,30 +73,28 @@
 sudo_secureware_verify(struct passwd *pw, char *pass, sudo_auth *auth)
 {
     char *pw_epasswd = auth->data;
+    char *epass = NULL;
     debug_decl(sudo_secureware_verify, SUDO_DEBUG_AUTH)
 #ifdef __alpha
     {
 	extern int crypt_type;
 
-#  ifdef HAVE_DISPCRYPT
-	if (strcmp(pw_epasswd, dispcrypt(pass, pw_epasswd, crypt_type)) == 0)
-	    debug_return_int(AUTH_SUCCESS);
-#  else
-	if (crypt_type == AUTH_CRYPT_BIGCRYPT) {
-	    if (strcmp(pw_epasswd, bigcrypt(pass, pw_epasswd)) == 0)
-		debug_return_int(AUTH_SUCCESS);
-	} else if (crypt_type == AUTH_CRYPT_CRYPT16) {
-	    if (strcmp(pw_epasswd, crypt(pass, pw_epasswd)) == 0)
-		debug_return_int(AUTH_SUCCESS);
-	}
+# ifdef HAVE_DISPCRYPT
+	epass = dispcrypt(pass, pw_epasswd, crypt_type);
+# else
+	if (crypt_type == AUTH_CRYPT_BIGCRYPT)
+	    epass = bigcrypt(pass, pw_epasswd);
+	else if (crypt_type == AUTH_CRYPT_CRYPT16)
+	    epass = crypt(pass, pw_epasswd);
     }
-#  endif /* HAVE_DISPCRYPT */
+# endif /* HAVE_DISPCRYPT */
 #elif defined(HAVE_BIGCRYPT)
-    if (strcmp(pw_epasswd, bigcrypt(pass, pw_epasswd)) == 0)
-	debug_return_int(AUTH_SUCCESS);
+    epass = bigcrypt(pass, pw_epasswd);
 #endif /* __alpha */
 
-	debug_return_int(AUTH_FAILURE);
+    if (epass != NULL && strcmp(pw_epasswd, epass) == 0)
+	debug_return_int(AUTH_SUCCESS);
+    debug_return_int(AUTH_FAILURE);
 }
 
 int