Djam/pam
1
0
Fork 0
mirror of https://abf.rosa.ru/djam/pam.git synced 2025-02-23 16:32:51 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Security fix

Browse source
This commit is contained in:
danila.leontiev 2014-07-23 13:11:37 +04:00
parent e4744528d7
commit 7e8e195c6a
3 changed files with 68 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
107.patch Normal file
View file

@ -0,0 +1,33 @@
diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c
index 5193733..b3f08b1 100644
--- a/modules/pam_timestamp/pam_timestamp.c
+++ b/modules/pam_timestamp/pam_timestamp.c
@@ -158,7 +158,7 @@ check_tty(const char *tty)
tty = strrchr(tty, '/') + 1;
}
/* Make sure the tty wasn't actually a directory (no basename). */
- if (strlen(tty) == 0) {
+ if (!strlen(tty) || !strcmp(tty, ".") || !strcmp(tty, "..")) {
return NULL;
}
return tty;
@@ -243,6 +243,17 @@ get_ruser(pam_handle_t *pamh, char *ruserbuf, size_t ruserbuflen)
if (pwd != NULL) {
ruser = pwd->pw_name;
}
+ } else {
+ /*
+ * This ruser is used by format_timestamp_name as a component
+ * of constructed timestamp pathname, so ".", "..", and '/'
+ * are disallowed to avoid potential path traversal issues.
+ */
+ if (!strcmp(ruser, ".") ||
+ !strcmp(ruser, "..") ||
+ strchr(ruser, '/')) {
+ ruser = NULL;
+ }
}
if (ruser == NULL || strlen(ruser) >= ruserbuflen) {
*ruserbuf = '\0';

33
pam-CVE-2014-2583.patch Normal file
View file

@ -0,0 +1,33 @@
diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c
index 5193733..b3f08b1 100644
--- a/modules/pam_timestamp/pam_timestamp.c
+++ b/modules/pam_timestamp/pam_timestamp.c
@@ -158,7 +158,7 @@ check_tty(const char *tty)
tty = strrchr(tty, '/') + 1;
}
/* Make sure the tty wasn't actually a directory (no basename). */
- if (strlen(tty) == 0) {
+ if (!strlen(tty) || !strcmp(tty, ".") || !strcmp(tty, "..")) {
return NULL;
}
return tty;
@@ -243,6 +243,17 @@ get_ruser(pam_handle_t *pamh, char *ruserbuf, size_t ruserbuflen)
if (pwd != NULL) {
ruser = pwd->pw_name;
}
+ } else {
+ /*
+ * This ruser is used by format_timestamp_name as a component
+ * of constructed timestamp pathname, so ".", "..", and '/'
+ * are disallowed to avoid potential path traversal issues.
+ */
+ if (!strcmp(ruser, ".") ||
+ !strcmp(ruser, "..") ||
+ strchr(ruser, '/')) {
+ ruser = NULL;
+ }
}
if (ruser == NULL || strlen(ruser) >= ruserbuflen) {
*ruserbuf = '\0';

2
pam.spec
View file

@ -71,6 +71,7 @@ Patch702: Linux-PAM-1.1.4-add-now-missing-nis-constant.patch
# (akdengi> add user to default group users which need for Samba # (akdengi> add user to default group users which need for Samba
Patch801: Linux-PAM-1.1.4-group_add_users.patch Patch801: Linux-PAM-1.1.4-group_add_users.patch
Patch802: pam-CVE-2014-2583.patch
BuildRequires: selinux-devel >= 2.1.6-7 BuildRequires: selinux-devel >= 2.1.6-7
BuildRequires: bison BuildRequires: bison
@ -175,6 +176,7 @@ mv pam-redhat-%{pam_redhat_version}/* modules
%patch701 -p1 -b .nopermsd %patch701 -p1 -b .nopermsd
%patch702 -p1 -b .nis_const~ %patch702 -p1 -b .nis_const~
%patch801 -p1 -b .group_users %patch801 -p1 -b .group_users
%patch802 -p1
# 08/08/2008 - vdanen - make pam provide pam_unix until we can work out all the issues in pam_tcb; this # 08/08/2008 - vdanen - make pam provide pam_unix until we can work out all the issues in pam_tcb; this
# just makes things easier but is not meant to be a permanent solution # just makes things easier but is not meant to be a permanent solution