Browse code
Add patch for shadow CVE-2017-12424
Change-Id: I9af4f90dabe7eb340cba2f61adbf449e1d260998
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/3541
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Alexey Makhalov <amakhalov@vmware.com>
suezzelur authored on 2017/08/17 01:06:37Showing 2 changed files
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,39 @@ |
| 0 |
+From 954e3d2e7113e9ac06632aee3c69b8d818cc8952 Mon Sep 17 00:00:00 2001 |
|
| 1 |
+From: Tomas Mraz <tmraz@fedoraproject.org> |
|
| 2 |
+Date: Fri, 31 Mar 2017 16:25:06 +0200 |
|
| 3 |
+Subject: [PATCH] Fix buffer overflow if NULL line is present in db. |
|
| 4 |
+ |
|
| 5 |
+If ptr->line == NULL for an entry, the first cycle will exit, |
|
| 6 |
+but the second one will happily write past entries buffer. |
|
| 7 |
+We actually do not want to exit the first cycle prematurely |
|
| 8 |
+on ptr->line == NULL. |
|
| 9 |
+Signed-off-by: Tomas Mraz <tmraz@fedoraproject.org> |
|
| 10 |
+--- |
|
| 11 |
+ lib/commonio.c | 8 ++++---- |
|
| 12 |
+ 1 file changed, 4 insertions(+), 4 deletions(-) |
|
| 13 |
+ |
|
| 14 |
+diff --git a/lib/commonio.c b/lib/commonio.c |
|
| 15 |
+index b10da06a..31edbaaf 100644 |
|
| 16 |
+--- a/lib/commonio.c |
|
| 17 |
+@@ -751,16 +751,16 @@ commonio_sort (struct commonio_db *db, int (*cmp) (const void *, const void *)) |
|
| 18 |
+ for (ptr = db->head; |
|
| 19 |
+ (NULL != ptr) |
|
| 20 |
+ #if KEEP_NIS_AT_END |
|
| 21 |
+- && (NULL != ptr->line) |
|
| 22 |
+- && ( ('+' != ptr->line[0])
|
|
| 23 |
+- && ('-' != ptr->line[0]))
|
|
| 24 |
++ && ((NULL == ptr->line) |
|
| 25 |
++ || (('+' != ptr->line[0])
|
|
| 26 |
++ && ('-' != ptr->line[0])))
|
|
| 27 |
+ #endif |
|
| 28 |
+ ; |
|
| 29 |
+ ptr = ptr->next) {
|
|
| 30 |
+ n++; |
|
| 31 |
+ } |
|
| 32 |
+ #if KEEP_NIS_AT_END |
|
| 33 |
+- if ((NULL != ptr) && (NULL != ptr->line)) {
|
|
| 34 |
++ if (NULL != ptr) {
|
|
| 35 |
+ nis = ptr; |
|
| 36 |
+ } |
|
| 37 |
+ #endif |
| ... | ... |
@@ -1,7 +1,7 @@ |
| 1 | 1 |
Summary: Programs for handling passwords in a secure way |
| 2 | 2 |
Name: shadow |
| 3 | 3 |
Version: 4.2.1 |
| 4 |
-Release: 10%{?dist}
|
|
| 4 |
+Release: 11%{?dist}
|
|
| 5 | 5 |
URL: http://pkg-shadow.alioth.debian.org/ |
| 6 | 6 |
License: BSD |
| 7 | 7 |
Group: Applications/System |
| ... | ... |
@@ -13,6 +13,7 @@ Source1: PAM-Configuration-Files-1.5.tar.gz |
| 13 | 13 |
%define sha1 PAM=08052511f985e3b3072c194ac1287e036d9299fb |
| 14 | 14 |
Patch0: chkname-allowcase.patch |
| 15 | 15 |
Patch1: shadow-4.2.1-CVE-2016-6252-fix.patch |
| 16 |
+Patch2: shadow-4.2.1-CVE-2017-12424.patch |
|
| 16 | 17 |
BuildRequires: cracklib |
| 17 | 18 |
BuildRequires: cracklib-devel |
| 18 | 19 |
Requires: cracklib |
| ... | ... |
@@ -28,6 +29,7 @@ in a secure way. |
| 28 | 28 |
%setup -q -T -D -a 1 |
| 29 | 29 |
%patch0 -p1 |
| 30 | 30 |
%patch1 -p1 |
| 31 |
+%patch2 -p1 |
|
| 31 | 32 |
sed -i 's/groups$(EXEEXT) //' src/Makefile.in |
| 32 | 33 |
find man -name Makefile.in -exec sed -i 's/groups\.1 / /' {} \;
|
| 33 | 34 |
sed -i -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' \ |
| ... | ... |
@@ -103,6 +105,8 @@ done |
| 103 | 103 |
%{_mandir}/*/*
|
| 104 | 104 |
%config(noreplace) %{_sysconfdir}/pam.d/*
|
| 105 | 105 |
%changelog |
| 106 |
+* Tue Aug 15 2017 Anish Swaminathan <anishs@vmware.com> 4.2.1-11 |
|
| 107 |
+- Added fix for CVE-2017-12424 |
|
| 106 | 108 |
* Fri Jun 30 2017 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 4.2.1-10 |
| 107 | 109 |
- Added fix for CVE-2016-6252 |
| 108 | 110 |
* Thu Apr 27 2017 Divya Thaluru <dthaluru@vmware.com> 4.2.1-9 |