mirror of
https://git.yoctoproject.org/poky
synced 2026-04-23 00:32:12 +02:00
Starting from glibc 2.17 the crypt() function will error out and return NULL if the seed or "correct" is invalid. The failure case for this is the sudo user having a locked account in /etc/shadow, so their password is "!", which is an invalid hash. crypt() never returned NULL previously so this is crashing in strcmp().

[ YOCTO #4241 ]

(From OE-Core rev: 06d7078f7631b92e8b789f8e94a3a346d8181ce6)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
25 lines
1.0 KiB
Diff
Starting from glibc 2.17 the crypt() function will error out and return NULL if
the seed or "correct" is invalid. The failure case for this is the sudo user
having a locked account in /etc/shadow, so their password is "!", which is an
invalid hash. crypt() never returned NULL previously so this is crashing in
strcmp().

Upstream-Status: Pending
Signed-off-by: Ross Burton <ross.burton@intel.com>
Index: sudo-1.8.6p7/plugins/sudoers/auth/passwd.c
===================================================================
--- sudo-1.8.6p7.orig/plugins/sudoers/auth/passwd.c 2013-04-11 15:26:28.456416867 +0100
+++ sudo-1.8.6p7/plugins/sudoers/auth/passwd.c 2013-04-11 15:31:31.156421718 +0100
@@ -96,7 +96,9 @@
*/
epass = (char *) crypt(pass, pw_epasswd);
pass[8] = sav;
- if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)
+ if (epass == NULL)
+ error = AUTH_FAILURE;
+ else if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)
error = strncmp(pw_epasswd, epass, DESLEN);
else
error = strcmp(pw_epasswd, epass);
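Review bot: In the new `if (epass == NULL)` branch, `error` is assigned `AUTH_FAILURE`, while the two following branches store a `strncmp()`/`strcmp()` result in the same variable, so the fix only denies access if `AUTH_FAILURE` is nonzero and if the code after this block treats any nonzero `error` as a mismatch; neither is visible in the hunk. Consider assigning a value that matches the variable's existing meaning (any nonzero "no match" result) or returning the failure directly, and add a one-line comment above the check stating that glibc 2.17 and later return NULL from `crypt()` for an invalid salt such as the "!" of a locked account, so the branch is not later removed as dead code. With `Upstream-Status: Pending`, it is also worth recording where the patch was submitted, since the NULL dereference affects any sudo build against glibc 2.17 and is not specific to this layer.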