sudo: update crypt.patch to use backport from upstream

Upstream closed my bug and rewrote the patch, so update our patch with a backport from upstream. (From OE-Core rev: 31327bac1e5438a0041638332698a1e1e91640ba) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Ross Burton <ross.burton@intel.com> 2013-04-12 11:19:31 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2013-04-12 17:00:45 +0100
commit: bd25074178f20bf17cb02df949d2c42d8eaa678a (patch)
tree: f109d8e0777cc730132fb1e6019fb8ce3972063f /meta/recipes-extended
parent: 8e5c349156fd24c7f779ada29e2de018ad5b15f4 (diff)
download: poky-bd25074178f20bf17cb02df949d2c42d8eaa678a.tar.gz
1 files changed, 94 insertions, 18 deletions
diff --git a/meta/recipes-extended/sudo/files/crypt.patch b/meta/recipes-extended/sudo/files/crypt.patch
index 53a257f52c..d0622d372c 100644
--- a/meta/recipes-extended/sudo/files/crypt.patch
+++ b/meta/recipes-extended/sudo/files/crypt.patch
@@ -1,24 +1,100 @@
-Staring from glibc 2.17 the crypt() function will error out and return NULL if
+Upstream-Status: Backport
-the seed or "correct" is invalid. The failure case for this is the sudo user
-having a locked account in /etc/shadow, so their password is "!", which is an
-invalid hash.  crypt() never returned NULL previously so this is crashing in
-strcmp().
-Upstream-Status: Pending
 Signed-off-by: Ross Burton <ross.burton@intel.com>
-Index: sudo-1.8.6p7/plugins/sudoers/auth/passwd.c
+# HG changeset patch
-===================================================================
+# User Todd C. Miller <Todd.Miller@courtesan.com>
--- sudo-1.8.6p7.orig/plugins/sudoers/auth/passwd.c     2013-04-11 15:26:28.456416867 +0100
+# Date 1365700240 14400
-+++ sudo-1.8.6p7/plugins/sudoers/auth/passwd.c  2013-04-11 15:31:31.156421718 +0100
+# Node ID 887b9df243df5254e56c467a016f1b0a7a8507dd
-@@ -96,7 +96,9 @@
+# Parent  fd7eda53cdd76aaf8336800c61005ae93de95ac7
+Check for crypt() returning NULL.  Traditionally, crypt() never returned
+NULL but newer versions of eglibc have a crypt() that does.  Bug #598
+diff -r fd7eda53cdd7 -r 887b9df243df plugins/sudoers/auth/passwd.c
+--- a/plugins/sudoers/auth/passwd.c     Thu Apr 11 09:09:53 2013 -0400
+++ b/plugins/sudoers/auth/passwd.c     Thu Apr 11 13:10:40 2013 -0400
+@@ -68,15 +68,15 @@
+     char sav, *epass;
+     char *pw_epasswd = auth->data;
+     size_t pw_len;
+-    int error;
+    int matched = 0;
+     debug_decl(sudo_passwd_verify, SUDO_DEBUG_AUTH)
+ 
+     pw_len = strlen(pw_epasswd);
+ 
+ #ifdef HAVE_GETAUTHUID
+     /* Ultrix shadow passwords may use crypt16() */
+-    error = strcmp(pw_epasswd, (char *) crypt16(pass, pw_epasswd));
+-    if (!error)
+    epass = (char *) crypt16(pass, pw_epasswd);
+    if (epass != NULL && strcmp(pw_epasswd, epass) == 0)
+        debug_return_int(AUTH_SUCCESS);
+ #endif /* HAVE_GETAUTHUID */
+ 
+@@ -95,12 +95,14 @@
      */
     epass = (char *) crypt(pass, pw_epasswd);
     pass[8] = sav;
 -    if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)
-+    if (epass == NULL)
+-       error = strncmp(pw_epasswd, epass, DESLEN);
-+       error = AUTH_FAILURE;
+-    else
-+    else if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)
+-       error = strcmp(pw_epasswd, epass);
-        error = strncmp(pw_epasswd, epass, DESLEN);
+    if (epass != NULL) {
-     else
+       if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)
-        error = strcmp(pw_epasswd, epass);
+           matched = !strncmp(pw_epasswd, epass, DESLEN);
+       else
+           matched = !strcmp(pw_epasswd, epass);
+    }
+ 
+-    debug_return_int(error ? AUTH_FAILURE : AUTH_SUCCESS);
+    debug_return_int(matched ? AUTH_SUCCESS : AUTH_FAILURE);
+ }
+ 
+ int
+diff -r fd7eda53cdd7 -r 887b9df243df plugins/sudoers/auth/secureware.c
+--- a/plugins/sudoers/auth/secureware.c Thu Apr 11 09:09:53 2013 -0400
+++ b/plugins/sudoers/auth/secureware.c Thu Apr 11 13:10:40 2013 -0400
+@@ -73,30 +73,28 @@
+ sudo_secureware_verify(struct passwd *pw, char *pass, sudo_auth *auth)
+ {
+     char *pw_epasswd = auth->data;
+    char *epass = NULL;
+     debug_decl(sudo_secureware_verify, SUDO_DEBUG_AUTH)
+ #ifdef __alpha
+     {
+        extern int crypt_type;
+ 
+-#  ifdef HAVE_DISPCRYPT
+-       if (strcmp(pw_epasswd, dispcrypt(pass, pw_epasswd, crypt_type)) == 0)
+-           debug_return_int(AUTH_SUCCESS);
+-#  else
+-       if (crypt_type == AUTH_CRYPT_BIGCRYPT) {
+-           if (strcmp(pw_epasswd, bigcrypt(pass, pw_epasswd)) == 0)
+-               debug_return_int(AUTH_SUCCESS);
+-       } else if (crypt_type == AUTH_CRYPT_CRYPT16) {
+-           if (strcmp(pw_epasswd, crypt(pass, pw_epasswd)) == 0)
+-               debug_return_int(AUTH_SUCCESS);
+-       }
+# ifdef HAVE_DISPCRYPT
+       epass = dispcrypt(pass, pw_epasswd, crypt_type);
+# else
+       if (crypt_type == AUTH_CRYPT_BIGCRYPT)
+           epass = bigcrypt(pass, pw_epasswd);
+       else if (crypt_type == AUTH_CRYPT_CRYPT16)
+           epass = crypt(pass, pw_epasswd);
+     }
+-#  endif /* HAVE_DISPCRYPT */
+# endif /* HAVE_DISPCRYPT */
+ #elif defined(HAVE_BIGCRYPT)
+-    if (strcmp(pw_epasswd, bigcrypt(pass, pw_epasswd)) == 0)
+-       debug_return_int(AUTH_SUCCESS);
+    epass = bigcrypt(pass, pw_epasswd);
+ #endif /* __alpha */
+ 
+-       debug_return_int(AUTH_FAILURE);
+    if (epass != NULL && strcmp(pw_epasswd, epass) == 0)
+       debug_return_int(AUTH_SUCCESS);
+    debug_return_int(AUTH_FAILURE);
+ }
+ 
+ int
author	Ross Burton <ross.burton@intel.com>	2013-04-12 11:19:31 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2013-04-12 17:00:45 +0100
commit	bd25074178f20bf17cb02df949d2c42d8eaa678a (patch)
tree	f109d8e0777cc730132fb1e6019fb8ce3972063f /meta/recipes-extended
parent	8e5c349156fd24c7f779ada29e2de018ad5b15f4 (diff)
download	poky-bd25074178f20bf17cb02df949d2c42d8eaa678a.tar.gz

diff --git a/meta/recipes-extended/sudo/files/crypt.patch b/meta/recipes-extended/sudo/files/crypt.patch index 53a257f52c..d0622d372c 100644 --- a/meta/recipes-extended/sudo/files/crypt.patch +++ b/meta/recipes-extended/sudo/files/crypt.patch
@@ -1,24 +1,100 @@
1	Staring from glibc 2.17 the crypt() function will error out and return NULL if	1	Upstream-Status: Backport
2	the seed or "correct" is invalid. The failure case for this is the sudo user
3	having a locked account in /etc/shadow, so their password is "!", which is an
4	invalid hash. crypt() never returned NULL previously so this is crashing in
5	strcmp().
6
7	Upstream-Status: Pending
8	Signed-off-by: Ross Burton <ross.burton@intel.com>	2	Signed-off-by: Ross Burton <ross.burton@intel.com>
9		3
10	Index: sudo-1.8.6p7/plugins/sudoers/auth/passwd.c	4	# HG changeset patch
11	===================================================================	5	# User Todd C. Miller <Todd.Miller@courtesan.com>
12	--- sudo-1.8.6p7.orig/plugins/sudoers/auth/passwd.c 2013-04-11 15:26:28.456416867 +0100	6	# Date 1365700240 14400
13	+++ sudo-1.8.6p7/plugins/sudoers/auth/passwd.c 2013-04-11 15:31:31.156421718 +0100	7	# Node ID 887b9df243df5254e56c467a016f1b0a7a8507dd
14	@@ -96,7 +96,9 @@	8	# Parent fd7eda53cdd76aaf8336800c61005ae93de95ac7
		9	Check for crypt() returning NULL. Traditionally, crypt() never returned
		10	NULL but newer versions of eglibc have a crypt() that does. Bug #598
		11
		12	diff -r fd7eda53cdd7 -r 887b9df243df plugins/sudoers/auth/passwd.c
		13	--- a/plugins/sudoers/auth/passwd.c Thu Apr 11 09:09:53 2013 -0400
		14	+++ b/plugins/sudoers/auth/passwd.c Thu Apr 11 13:10:40 2013 -0400
		15	@@ -68,15 +68,15 @@
		16	char sav, *epass;
		17	char *pw_epasswd = auth->data;
		18	size_t pw_len;
		19	- int error;
		20	+ int matched = 0;
		21	debug_decl(sudo_passwd_verify, SUDO_DEBUG_AUTH)
		22
		23	pw_len = strlen(pw_epasswd);
		24
		25	#ifdef HAVE_GETAUTHUID
		26	/* Ultrix shadow passwords may use crypt16() */
		27	- error = strcmp(pw_epasswd, (char *) crypt16(pass, pw_epasswd));
		28	- if (!error)
		29	+ epass = (char *) crypt16(pass, pw_epasswd);
		30	+ if (epass != NULL && strcmp(pw_epasswd, epass) == 0)
		31	debug_return_int(AUTH_SUCCESS);
		32	#endif /* HAVE_GETAUTHUID */
		33
		34	@@ -95,12 +95,14 @@
15	*/	35	*/
16	epass = (char *) crypt(pass, pw_epasswd);	36	epass = (char *) crypt(pass, pw_epasswd);
17	pass[8] = sav;	37	pass[8] = sav;
18	- if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)	38	- if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)
19	+ if (epass == NULL)	39	- error = strncmp(pw_epasswd, epass, DESLEN);
20	+ error = AUTH_FAILURE;	40	- else
21	+ else if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)	41	- error = strcmp(pw_epasswd, epass);
22	error = strncmp(pw_epasswd, epass, DESLEN);	42	+ if (epass != NULL) {
23	else	43	+ if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)
24	error = strcmp(pw_epasswd, epass);	44	+ matched = !strncmp(pw_epasswd, epass, DESLEN);
		45	+ else
		46	+ matched = !strcmp(pw_epasswd, epass);
		47	+ }
		48
		49	- debug_return_int(error ? AUTH_FAILURE : AUTH_SUCCESS);
		50	+ debug_return_int(matched ? AUTH_SUCCESS : AUTH_FAILURE);
		51	}
		52
		53	int
		54	diff -r fd7eda53cdd7 -r 887b9df243df plugins/sudoers/auth/secureware.c
		55	--- a/plugins/sudoers/auth/secureware.c Thu Apr 11 09:09:53 2013 -0400
		56	+++ b/plugins/sudoers/auth/secureware.c Thu Apr 11 13:10:40 2013 -0400
		57	@@ -73,30 +73,28 @@
		58	sudo_secureware_verify(struct passwd pw, char pass, sudo_auth *auth)
		59	{
		60	char *pw_epasswd = auth->data;
		61	+ char *epass = NULL;
		62	debug_decl(sudo_secureware_verify, SUDO_DEBUG_AUTH)
		63	#ifdef __alpha
		64	{
		65	extern int crypt_type;
		66
		67	-# ifdef HAVE_DISPCRYPT
		68	- if (strcmp(pw_epasswd, dispcrypt(pass, pw_epasswd, crypt_type)) == 0)
		69	- debug_return_int(AUTH_SUCCESS);
		70	-# else
		71	- if (crypt_type == AUTH_CRYPT_BIGCRYPT) {
		72	- if (strcmp(pw_epasswd, bigcrypt(pass, pw_epasswd)) == 0)
		73	- debug_return_int(AUTH_SUCCESS);
		74	- } else if (crypt_type == AUTH_CRYPT_CRYPT16) {
		75	- if (strcmp(pw_epasswd, crypt(pass, pw_epasswd)) == 0)
		76	- debug_return_int(AUTH_SUCCESS);
		77	- }
		78	+# ifdef HAVE_DISPCRYPT
		79	+ epass = dispcrypt(pass, pw_epasswd, crypt_type);
		80	+# else
		81	+ if (crypt_type == AUTH_CRYPT_BIGCRYPT)
		82	+ epass = bigcrypt(pass, pw_epasswd);
		83	+ else if (crypt_type == AUTH_CRYPT_CRYPT16)
		84	+ epass = crypt(pass, pw_epasswd);
		85	}
		86	-# endif /* HAVE_DISPCRYPT */
		87	+# endif /* HAVE_DISPCRYPT */
		88	#elif defined(HAVE_BIGCRYPT)
		89	- if (strcmp(pw_epasswd, bigcrypt(pass, pw_epasswd)) == 0)
		90	- debug_return_int(AUTH_SUCCESS);
		91	+ epass = bigcrypt(pass, pw_epasswd);
		92	#endif /* __alpha */
		93
		94	- debug_return_int(AUTH_FAILURE);
		95	+ if (epass != NULL && strcmp(pw_epasswd, epass) == 0)
		96	+ debug_return_int(AUTH_SUCCESS);
		97	+ debug_return_int(AUTH_FAILURE);
		98	}
		99
		100	int