mirror of
https://abf.rosa.ru/djam/pam.git
synced 2025-02-23 16:32:51 +00:00
Merge remote-tracking branch 'kuzma/rosa-dx-chrome-1.0' into current
This commit is contained in:
Dmitry Fedorov
commit
30aed59600
2 changed files with 43 additions and 0 deletions
36
pam-CVE-2013-7041.patch
Normal file
36
pam-CVE-2013-7041.patch
Normal file
|
|
@ -0,0 +1,36 @@
|
|||
diff -pruN a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c
|
||||
--- a/modules/pam_userdb/pam_userdb.c 2011-06-21 16:04:56.000000000 +0700
|
||||
+++ b/modules/pam_userdb/pam_userdb.c 2014-08-28 17:41:35.243954732 +0700
|
||||
@@ -214,24 +214,23 @@ user_lookup (pam_handle_t *pamh, const c
|
||||
/* crypt(3) password storage */
|
||||
|
||||
char *cryptpw;
|
||||
- char salt[2];
|
||||
|
||||
- if (data.dsize != 13) {
|
||||
+ if (data.dsize < 13) {
|
||||
compare = -2;
|
||||
} else if (ctrl & PAM_ICASE_ARG) {
|
||||
compare = -2;
|
||||
} else {
|
||||
- salt[0] = *data.dptr;
|
||||
- salt[1] = *(data.dptr + 1);
|
||||
+ cryptpw = crypt (pass, data.dptr);
|
||||
|
||||
- cryptpw = crypt (pass, salt);
|
||||
-
|
||||
- if (cryptpw) {
|
||||
- compare = strncasecmp (data.dptr, cryptpw, data.dsize);
|
||||
+ if (cryptpw && strlen(cryptpw) == (size_t)data.dsize) {
|
||||
+ compare = memcmp(data.dptr, cryptpw, data.dsize);
|
||||
} else {
|
||||
compare = -2;
|
||||
if (ctrl & PAM_DEBUG_ARG) {
|
||||
- pam_syslog(pamh, LOG_INFO, "crypt() returned NULL");
|
||||
+ if (cryptpw)
|
||||
+ pam_syslog(pamh, LOG_INFO, "lengths of computed and stored hashes differ");
|
||||
+ else
|
||||
+ pam_syslog(pamh, LOG_INFO, "crypt() returned NULL");
|
||||
}
|
||||
};
|
||||
|
||||
7
pam.spec
7
pam.spec
|
|
@ -72,6 +72,7 @@ Patch702: Linux-PAM-1.1.4-add-now-missing-nis-constant.patch
|
|||
# (akdengi> add user to default group users which need for Samba
|
||||
Patch801: Linux-PAM-1.1.4-group_add_users.patch
|
||||
Patch802: pam-CVE-2014-2583.patch
|
||||
Patch803: pam-CVE-2013-7041.patch
|
||||
|
||||
BuildRequires: selinux-devel >= 2.1.6-7
|
||||
BuildRequires: bison
|
||||
|
|
@ -177,6 +178,7 @@ mv pam-redhat-%{pam_redhat_version}/* modules
|
|||
%patch702 -p1 -b .nis_const~
|
||||
%patch801 -p1 -b .group_users
|
||||
%patch802 -p1
|
||||
%patch803 -p1
|
||||
|
||||
# 08/08/2008 - vdanen - make pam provide pam_unix until we can work out all the issues in pam_tcb; this
|
||||
# just makes things easier but is not meant to be a permanent solution
|
||||
|
|
@ -334,6 +336,11 @@ fi
|
|||
|
||||
|
||||
%changelog
|
||||
* Fri Aug 28 2014 Kuzma Kazygashev <kuzma.kazygashev@rosalab.ru> 1.1.14-16
|
||||
- Added security fix for CVE-2013-7041
|
||||
|
||||
* Wed Jul 23 2014 Danila Leontiev <danila.leontiev@rosalab.ru> 1.1.14-15
|
||||
- Added security fix for CVE-2014-2583
|
||||
|
||||
* Tue Feb 26 2013 Alexander Romanov <a.romanov@rosa-ntcit.ru>
|
||||
- Rosa initial commit
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue