rev 7236 - in trunk/packages/kdebase/debian: . patches

Sune Vuorela pusling-guest at alioth.debian.org
Wed Sep 19 18:31:01 UTC 2007


Author: pusling-guest
Date: 2007-09-19 18:31:00 +0000 (Wed, 19 Sep 2007)
New Revision: 7236

Added:
   trunk/packages/kdebase/debian/patches/51_CVE-2007-4569-kdm-autologin.diff
Modified:
   trunk/packages/kdebase/debian/changelog
Log:
CVE-2007-4569 - kdm issues


Modified: trunk/packages/kdebase/debian/changelog
===================================================================
--- trunk/packages/kdebase/debian/changelog	2007-09-17 23:51:07 UTC (rev 7235)
+++ trunk/packages/kdebase/debian/changelog	2007-09-19 18:31:00 UTC (rev 7236)
@@ -1,3 +1,10 @@
+kdebase (4:3.5.7-4) unstable; urgency=low
+
+  * Add patch to fix unauthorized login problem in kdm.
+    CVE-2007-4569.
+
+ -- Sune Vuorela <debian at pusling.com>  Wed, 19 Sep 2007 20:30:01 +0200
+
 kdebase (4:3.5.7-3) unstable; urgency=low
 
   +++ Changes by Ana Beatriz Guerrero Lopez:

Added: trunk/packages/kdebase/debian/patches/51_CVE-2007-4569-kdm-autologin.diff
===================================================================
--- trunk/packages/kdebase/debian/patches/51_CVE-2007-4569-kdm-autologin.diff	                        (rev 0)
+++ trunk/packages/kdebase/debian/patches/51_CVE-2007-4569-kdm-autologin.diff	2007-09-19 18:31:00 UTC (rev 7236)
@@ -0,0 +1,63 @@
+--- kdm/backend/session.c
++++ kdm/bakcend/session.c
+@@ -121,8 +121,9 @@
+ static void
+ DoAutoLogon( void )
+ {
+-	StrDup( &curuser, td->autoUser );
+-	StrDup( &curpass, td->autoPass );
++	ReStr( &curuser, td->autoUser );
++	ReStr( &curpass, td->autoPass );
++	ReStr( &curtype, "classic" );
+ 	cursource = PWSRC_AUTOLOGIN;
+ }
+ 
+@@ -141,7 +142,9 @@
+ 		td->hstent->npass = 0;
+ 		newdmrc = td->hstent->nargs;
+ 		td->hstent->nargs = 0;
++		ReStr( &curtype, "classic" );
+ 		cursource = (td->hstent->rLogin == 1) ? PWSRC_RELOGIN : PWSRC_MANUAL;
++		return 1;
+ 	} else if (*td->autoUser && !td->autoDelay && (tdiff > 0 || td->autoAgain))
+ 	{
+ 		unsigned int lmask;
+@@ -153,11 +156,9 @@
+ 		if (lmask & ShiftMask)
+ 			return 0;
+ 		DoAutoLogon();
+-	} else {
+-		cursource = PWSRC_MANUAL;
+-		return 0;
++		return 1;
+ 	}
+-	return 1;
++	return 0;
+ }
+ 
+ 
+@@ -369,6 +370,7 @@
+ 			if (curtype) free( curtype );
+ 			curtype = GRecvStr();
+ 			Debug( " type %\"s\n", curtype );
++			cursource = PWSRC_MANUAL;
+ 			if (Verify( conv_interact, rootok )) {
+ 				Debug( " -> return success\n" );
+ 				GSendInt( V_OK );
+@@ -378,7 +380,6 @@
+ 		case G_AutoLogin:
+ 			Debug( "G_AutoLogin\n" );
+ 			DoAutoLogon();
+-			StrDup( &curtype, "classic" );
+ 			if (Verify( conv_auto, FALSE )) {
+ 				Debug( " -> return success\n" );
+ 				GSendInt( V_OK );
+@@ -565,7 +566,7 @@
+ 	tdiff = td->autoAgain ? 
+ 	           1 : time( 0 ) - td->hstent->lastExit - td->openDelay;
+ 	if (AutoLogon( tdiff )) {
+-		if (!StrDup( &curtype, "classic" ) || !Verify( conv_auto, FALSE ))
++		if (!Verify( conv_auto, FALSE ))
+ 			goto gcont;
+ 		if (greeter)
+ 			GSendInt( V_OK );
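Review bot: The allocation-failure check on the login state is lost in this patch: the removed line in the last session.c hunk tested `!StrDup( &curtype, "classic" )` before calling `Verify( conv_auto, FALSE )`, while the new `ReStr()` calls in `DoAutoLogon()` and the one added before `return 1;` in the relogin branch all discard their result. Assuming `ReStr()` reports failure with a zero return as `StrDup()` does (its definition is not visible here), a failed copy of `curuser`, `curpass` or `curtype` would let `Verify()` run on stale or unset credential state, and an authentication path should fail closed instead. I would have `DoAutoLogon()` return a status and let `AutoLogon()` and the `G_AutoLogin` case act on it, as sketched below; the relogin branch needs the same check on its `ReStr()` call. Separately, the embedded patch header reads `+++ kdm/bakcend/session.c`, which should be `kdm/backend/session.c` so the patch does not depend on the tool falling back to the `---` name.

```c
static int
DoAutoLogon( void )
{
	/* Fail closed: only mark the session as autologin once all state is set. */
	if (!ReStr( &curuser, td->autoUser ) ||
	    !ReStr( &curpass, td->autoPass ) ||
	    !ReStr( &curtype, "classic" ))
		return 0;
	cursource = PWSRC_AUTOLOGIN;
	return 1;
}

/* … unchanged: AutoLogon() up to the ShiftMask check … */
		return DoAutoLogon();

/* … unchanged: case G_AutoLogin and its Debug() line … */
			if (DoAutoLogon() && Verify( conv_auto, FALSE )) {
```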



