[Pkg-shadow-commits] r1047 - in trunk/debian: . patches
Christian Perrier
bubulle at costa.debian.org
Fri Jul 14 07:28:22 UTC 2006
Author: bubulle
Date: 2006-07-14 07:28:17 +0000 (Fri, 14 Jul 2006)
New Revision: 1047
Added:
trunk/debian/patches/495_salt_stack_smash
Modified:
trunk/debian/changelog
trunk/debian/patches/series
Log:
Fix for #377825
Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog 2006-07-13 06:17:44 UTC (rev 1046)
+++ trunk/debian/changelog 2006-07-14 07:28:17 UTC (rev 1047)
@@ -1,3 +1,12 @@
+shadow (1:4.0.17-2) UNRELEASED; urgency=low
+
+ * The "Selles sur Cher" release
+ * Upstream bugs not yet fixed in upstream releases or CVS:
+ - 495_salt_stack_smash: chpasswd/chgpasswd does not break if compiled
+ with SSP. Closes: #377825
+
+ -- Christian Perrier <bubulle at debian.org> Fri, 14 Jul 2006 09:25:26 +0200
+
shadow (1:4.0.17-1) unstable; urgency=low
* The "Sainte-maure de Touraine" release
Added: trunk/debian/patches/495_salt_stack_smash
===================================================================
--- trunk/debian/patches/495_salt_stack_smash 2006-07-13 06:17:44 UTC (rev 1046)
+++ trunk/debian/patches/495_salt_stack_smash 2006-07-14 07:28:17 UTC (rev 1047)
@@ -0,0 +1,87 @@
+Goal: Do not break chpasswd/chgpasswd if compiled with
+ SSP (the -fstack-protector option in gcc 4.1) by fixing an
+ overflow in the 'salt' array
+
+Fix: #377825
+
+Author: Colin Watson <cjwatson at debian.org>
+
+Status wrt upstream: reported, not applied yet
+
+Index: shadow-4.0.17/libmisc/salt.c
+===================================================================
+--- shadow-4.0.17.orig/libmisc/salt.c 2006-07-14 09:25:51.386230790 +0200
++++ shadow-4.0.17/libmisc/salt.c 2006-07-14 09:25:52.746241896 +0200
+@@ -25,11 +25,13 @@
+ {
+ struct timeval tv;
+ static char result[40];
++ int max_salt_len = 8;
+
+ result[0] = '\0';
+ #ifndef USE_PAM
+ if (getdef_bool ("MD5_CRYPT_ENAB")) {
+ strcpy (result, "$1$"); /* magic for the new MD5 crypt() */
++ max_salt_len += 3;
+ }
+ #endif
+
+@@ -40,8 +42,8 @@
+ strcat (result, l64a (tv.tv_usec));
+ strcat (result, l64a (tv.tv_sec + getpid () + clock ()));
+
+- if (strlen (result) > 3 + 8) /* magic+salt */
+- result[11] = '\0';
++ if (strlen (result) > max_salt_len)
++ result[max_salt_len] = '\0';
+
+ return result;
+ }
+Index: shadow-4.0.17/src/chgpasswd.c
+===================================================================
+--- shadow-4.0.17.orig/src/chgpasswd.c 2006-07-14 09:25:51.334230366 +0200
++++ shadow-4.0.17/src/chgpasswd.c 2006-07-14 09:25:52.746241896 +0200
+@@ -244,10 +244,16 @@
+ newpwd = cp;
+ if (!eflg) {
+ if (md5flg) {
+- char salt[12] = "$1$";
++ char md5salt[12] = "$1$";
++ char *salt = crypt_make_salt ();
+
+- strcat (salt, crypt_make_salt ());
+- cp = pw_encrypt (newpwd, salt);
++ if (strncmp (salt, "$1$", 3) == 0) {
++ strncat (md5salt, salt, 11);
++ } else {
++ strcat (md5salt, "$1$");
++ strncat (md5salt, salt, 8);
++ }
++ cp = pw_encrypt (newpwd, md5salt);
+ } else
+ cp = pw_encrypt (newpwd, crypt_make_salt ());
+ }
+Index: shadow-4.0.17/src/chpasswd.c
+===================================================================
+--- shadow-4.0.17.orig/src/chpasswd.c 2006-07-14 09:25:51.206229320 +0200
++++ shadow-4.0.17/src/chpasswd.c 2006-07-14 09:25:52.750241929 +0200
+@@ -240,10 +240,16 @@
+ newpwd = cp;
+ if (!eflg) {
+ if (md5flg) {
+- char salt[12] = "$1$";
++ char md5salt[12] = "";
++ char *salt = crypt_make_salt ();
+
+- strcat (salt, crypt_make_salt ());
+- cp = pw_encrypt (newpwd, salt);
++ if (strncmp (salt, "$1$", 3) == 0) {
++ strncat (md5salt, salt, 11);
++ } else {
++ strcat (md5salt, "$1$");
++ strncat (md5salt, salt, 8);
++ }
++ cp = pw_encrypt (newpwd, md5salt);
+ } else
+ cp = pw_encrypt (newpwd, crypt_make_salt ());
+ }
Modified: trunk/debian/patches/series
===================================================================
--- trunk/debian/patches/series 2006-07-13 06:17:44 UTC (rev 1046)
+++ trunk/debian/patches/series 2006-07-14 07:28:17 UTC (rev 1047)
@@ -35,3 +35,4 @@
487_passwd_chauthtok_failed_message
403_fix_PATH-MAX_hurd
508_nologin_in_usr_sbin
+495_salt_stack_smash
More information about the Pkg-shadow-commits
mailing list