[Pkg-shadow-commits] r1047 - in trunk/debian: . patches

Christian Perrier bubulle at costa.debian.org
Fri Jul 14 07:28:22 UTC 2006


Author: bubulle
Date: 2006-07-14 07:28:17 +0000 (Fri, 14 Jul 2006)
New Revision: 1047

Added:
   trunk/debian/patches/495_salt_stack_smash
Modified:
   trunk/debian/changelog
   trunk/debian/patches/series
Log:
Fix for #377825

Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog	2006-07-13 06:17:44 UTC (rev 1046)
+++ trunk/debian/changelog	2006-07-14 07:28:17 UTC (rev 1047)
@@ -1,3 +1,12 @@
+shadow (1:4.0.17-2) UNRELEASED; urgency=low
+
+  * The "Selles sur Cher" release
+  * Upstream bugs not yet fixed in upstream releases or CVS:
+    - 495_salt_stack_smash: chpasswd/chgpasswd does not break if compiled
+      with SSP. Closes: #377825
+
+ -- Christian Perrier <bubulle at debian.org>  Fri, 14 Jul 2006 09:25:26 +0200
+
 shadow (1:4.0.17-1) unstable; urgency=low
 
   * The "Sainte-maure de Touraine" release

Added: trunk/debian/patches/495_salt_stack_smash
===================================================================
--- trunk/debian/patches/495_salt_stack_smash	2006-07-13 06:17:44 UTC (rev 1046)
+++ trunk/debian/patches/495_salt_stack_smash	2006-07-14 07:28:17 UTC (rev 1047)
@@ -0,0 +1,87 @@
+Goal: Do not break chpasswd/chgpasswd if compiled with
+      SSP (the -fstack-protector option in gcc 4.1) by fixing an
+      overflow in the 'salt' array
+
+Fix: #377825
+
+Author: Colin Watson <cjwatson at debian.org>
+
+Status wrt upstream: reported, not applied yet
+
+Index: shadow-4.0.17/libmisc/salt.c
+===================================================================
+--- shadow-4.0.17.orig/libmisc/salt.c	2006-07-14 09:25:51.386230790 +0200
++++ shadow-4.0.17/libmisc/salt.c	2006-07-14 09:25:52.746241896 +0200
+@@ -25,11 +25,13 @@
+ {
+ 	struct timeval tv;
+ 	static char result[40];
++	int max_salt_len = 8;
+ 
+ 	result[0] = '\0';
+ #ifndef USE_PAM
+ 	if (getdef_bool ("MD5_CRYPT_ENAB")) {
+ 		strcpy (result, "$1$");	/* magic for the new MD5 crypt() */
++		max_salt_len += 3;
+ 	}
+ #endif
+ 
+@@ -40,8 +42,8 @@
+ 	strcat (result, l64a (tv.tv_usec));
+ 	strcat (result, l64a (tv.tv_sec + getpid () + clock ()));
+ 
+-	if (strlen (result) > 3 + 8)	/* magic+salt */
+-		result[11] = '\0';
++	if (strlen (result) > max_salt_len)
++		result[max_salt_len] = '\0';
+ 
+ 	return result;
+ }
+Index: shadow-4.0.17/src/chgpasswd.c
+===================================================================
+--- shadow-4.0.17.orig/src/chgpasswd.c	2006-07-14 09:25:51.334230366 +0200
++++ shadow-4.0.17/src/chgpasswd.c	2006-07-14 09:25:52.746241896 +0200
+@@ -244,10 +244,16 @@
+ 		newpwd = cp;
+ 		if (!eflg) {
+ 			if (md5flg) {
+-				char salt[12] = "$1$";
++				char md5salt[12] = "$1$";
++				char *salt = crypt_make_salt ();
+ 
+-				strcat (salt, crypt_make_salt ());
+-				cp = pw_encrypt (newpwd, salt);
++				if (strncmp (salt, "$1$", 3) == 0) {
++					strncat (md5salt, salt, 11);
++				} else {
++					strcat (md5salt, "$1$");
++					strncat (md5salt, salt, 8);
++				}
++				cp = pw_encrypt (newpwd, md5salt);
+ 			} else
+ 				cp = pw_encrypt (newpwd, crypt_make_salt ());
+ 		}
+Index: shadow-4.0.17/src/chpasswd.c
+===================================================================
+--- shadow-4.0.17.orig/src/chpasswd.c	2006-07-14 09:25:51.206229320 +0200
++++ shadow-4.0.17/src/chpasswd.c	2006-07-14 09:25:52.750241929 +0200
+@@ -240,10 +240,16 @@
+ 		newpwd = cp;
+ 		if (!eflg) {
+ 			if (md5flg) {
+-				char salt[12] = "$1$";
++				char md5salt[12] = "";
++				char *salt = crypt_make_salt ();
+ 
+-				strcat (salt, crypt_make_salt ());
+-				cp = pw_encrypt (newpwd, salt);
++				if (strncmp (salt, "$1$", 3) == 0) {
++					strncat (md5salt, salt, 11);
++				} else {
++					strcat (md5salt, "$1$");
++					strncat (md5salt, salt, 8);
++				}
++				cp = pw_encrypt (newpwd, md5salt);
+ 			} else
+ 				cp = pw_encrypt (newpwd, crypt_make_salt ());
+ 		}
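Review bot: In the chgpasswd.c part of this patch, `md5salt` is still initialised to `"$1$"`, so both branches can write past the 12-byte array: the first appends up to 11 bytes after the 3 already present, and the else branch adds a second `$1$` and then up to 8 more, giving as many as 14 characters plus the terminator. The chpasswd.c part starts from an empty string and stays within 12 bytes, so the chgpasswd.c declaration should match it: `char md5salt[12] = "";`. As written, a chgpasswd built with SSP would presumably still abort on this path, and the salt handed to `pw_encrypt` would carry a doubled `$1$` prefix. A smaller point in salt.c: `max_salt_len` is an `int` compared against `strlen (result)`, and declaring it `size_t max_salt_len = 8;` avoids the signed/unsigned comparison. The enclosing functions in all three files begin and end outside the nested hunks, so nothing here confirms what callers do with the returned salt.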

Modified: trunk/debian/patches/series
===================================================================
--- trunk/debian/patches/series	2006-07-13 06:17:44 UTC (rev 1046)
+++ trunk/debian/patches/series	2006-07-14 07:28:17 UTC (rev 1047)
@@ -35,3 +35,4 @@
 487_passwd_chauthtok_failed_message
 403_fix_PATH-MAX_hurd
 508_nologin_in_usr_sbin
+495_salt_stack_smash



