mirror of
https://git.yoctoproject.org/poky
synced 2026-04-08 08:02:23 +02:00
sudo: update crypt.patch to use backport from upstream
Upstream closed my bug and rewrote the patch, so update our patch with a backport from upstream. (From OE-Core rev: 31327bac1e5438a0041638332698a1e1e91640ba) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Ross Burton
committed by
Richard Purdie
Richard Purdie
parent
8e5c349156
commit
bd25074178
@@ -1,24 +1,100 @@
|
||||
Staring from glibc 2.17 the crypt() function will error out and return NULL if
|
||||
the seed or "correct" is invalid. The failure case for this is the sudo user
|
||||
having a locked account in /etc/shadow, so their password is "!", which is an
|
||||
invalid hash. crypt() never returned NULL previously so this is crashing in
|
||||
strcmp().
|
||||
|
||||
Upstream-Status: Pending
|
||||
Upstream-Status: Backport
|
||||
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
||||
|
||||
Index: sudo-1.8.6p7/plugins/sudoers/auth/passwd.c
|
||||
===================================================================
|
||||
--- sudo-1.8.6p7.orig/plugins/sudoers/auth/passwd.c 2013-04-11 15:26:28.456416867 +0100
|
||||
+++ sudo-1.8.6p7/plugins/sudoers/auth/passwd.c 2013-04-11 15:31:31.156421718 +0100
|
||||
@@ -96,7 +96,9 @@
|
||||
# HG changeset patch
|
||||
# User Todd C. Miller <Todd.Miller@courtesan.com>
|
||||
# Date 1365700240 14400
|
||||
# Node ID 887b9df243df5254e56c467a016f1b0a7a8507dd
|
||||
# Parent fd7eda53cdd76aaf8336800c61005ae93de95ac7
|
||||
Check for crypt() returning NULL. Traditionally, crypt() never returned
|
||||
NULL but newer versions of eglibc have a crypt() that does. Bug #598
|
||||
|
||||
diff -r fd7eda53cdd7 -r 887b9df243df plugins/sudoers/auth/passwd.c
|
||||
--- a/plugins/sudoers/auth/passwd.c Thu Apr 11 09:09:53 2013 -0400
|
||||
+++ b/plugins/sudoers/auth/passwd.c Thu Apr 11 13:10:40 2013 -0400
|
||||
@@ -68,15 +68,15 @@
|
||||
char sav, *epass;
|
||||
char *pw_epasswd = auth->data;
|
||||
size_t pw_len;
|
||||
- int error;
|
||||
+ int matched = 0;
|
||||
debug_decl(sudo_passwd_verify, SUDO_DEBUG_AUTH)
|
||||
|
||||
pw_len = strlen(pw_epasswd);
|
||||
|
||||
#ifdef HAVE_GETAUTHUID
|
||||
/* Ultrix shadow passwords may use crypt16() */
|
||||
- error = strcmp(pw_epasswd, (char *) crypt16(pass, pw_epasswd));
|
||||
- if (!error)
|
||||
+ epass = (char *) crypt16(pass, pw_epasswd);
|
||||
+ if (epass != NULL && strcmp(pw_epasswd, epass) == 0)
|
||||
debug_return_int(AUTH_SUCCESS);
|
||||
#endif /* HAVE_GETAUTHUID */
|
||||
|
||||
@@ -95,12 +95,14 @@
|
||||
*/
|
||||
epass = (char *) crypt(pass, pw_epasswd);
|
||||
pass[8] = sav;
|
||||
- if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)
|
||||
+ if (epass == NULL)
|
||||
+ error = AUTH_FAILURE;
|
||||
+ else if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)
|
||||
error = strncmp(pw_epasswd, epass, DESLEN);
|
||||
else
|
||||
error = strcmp(pw_epasswd, epass);
|
||||
- error = strncmp(pw_epasswd, epass, DESLEN);
|
||||
- else
|
||||
- error = strcmp(pw_epasswd, epass);
|
||||
+ if (epass != NULL) {
|
||||
+ if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)
|
||||
+ matched = !strncmp(pw_epasswd, epass, DESLEN);
|
||||
+ else
|
||||
+ matched = !strcmp(pw_epasswd, epass);
|
||||
+ }
|
||||
|
||||
- debug_return_int(error ? AUTH_FAILURE : AUTH_SUCCESS);
|
||||
+ debug_return_int(matched ? AUTH_SUCCESS : AUTH_FAILURE);
|
||||
}
|
||||
|
||||
int
|
||||
diff -r fd7eda53cdd7 -r 887b9df243df plugins/sudoers/auth/secureware.c
|
||||
--- a/plugins/sudoers/auth/secureware.c Thu Apr 11 09:09:53 2013 -0400
|
||||
+++ b/plugins/sudoers/auth/secureware.c Thu Apr 11 13:10:40 2013 -0400
|
||||
@@ -73,30 +73,28 @@
|
||||
sudo_secureware_verify(struct passwd *pw, char *pass, sudo_auth *auth)
|
||||
{
|
||||
char *pw_epasswd = auth->data;
|
||||
+ char *epass = NULL;
|
||||
debug_decl(sudo_secureware_verify, SUDO_DEBUG_AUTH)
|
||||
#ifdef __alpha
|
||||
{
|
||||
extern int crypt_type;
|
||||
|
||||
-# ifdef HAVE_DISPCRYPT
|
||||
- if (strcmp(pw_epasswd, dispcrypt(pass, pw_epasswd, crypt_type)) == 0)
|
||||
- debug_return_int(AUTH_SUCCESS);
|
||||
-# else
|
||||
- if (crypt_type == AUTH_CRYPT_BIGCRYPT) {
|
||||
- if (strcmp(pw_epasswd, bigcrypt(pass, pw_epasswd)) == 0)
|
||||
- debug_return_int(AUTH_SUCCESS);
|
||||
- } else if (crypt_type == AUTH_CRYPT_CRYPT16) {
|
||||
- if (strcmp(pw_epasswd, crypt(pass, pw_epasswd)) == 0)
|
||||
- debug_return_int(AUTH_SUCCESS);
|
||||
- }
|
||||
+# ifdef HAVE_DISPCRYPT
|
||||
+ epass = dispcrypt(pass, pw_epasswd, crypt_type);
|
||||
+# else
|
||||
+ if (crypt_type == AUTH_CRYPT_BIGCRYPT)
|
||||
+ epass = bigcrypt(pass, pw_epasswd);
|
||||
+ else if (crypt_type == AUTH_CRYPT_CRYPT16)
|
||||
+ epass = crypt(pass, pw_epasswd);
|
||||
}
|
||||
-# endif /* HAVE_DISPCRYPT */
|
||||
+# endif /* HAVE_DISPCRYPT */
|
||||
#elif defined(HAVE_BIGCRYPT)
|
||||
- if (strcmp(pw_epasswd, bigcrypt(pass, pw_epasswd)) == 0)
|
||||
- debug_return_int(AUTH_SUCCESS);
|
||||
+ epass = bigcrypt(pass, pw_epasswd);
|
||||
#endif /* __alpha */
|
||||
|
||||
- debug_return_int(AUTH_FAILURE);
|
||||
+ if (epass != NULL && strcmp(pw_epasswd, epass) == 0)
|
||||
+ debug_return_int(AUTH_SUCCESS);
|
||||
+ debug_return_int(AUTH_FAILURE);
|
||||
}
|
||||
|
||||
int
|
||||
|
||||
Reference in New Issue
Block a user