mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-28 15:32:27 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
caac6c06bbeff7691f4f26c1d41e94de3d3c1c9a
poky/meta/recipes-extended/shadow/files/CVE-2023-4641-0001.patch
Soumya Sambu dc1a3be255 shadow: Fix CVE-2023-4641 
shadow-utils: possible password leak during passwd(1) change

(From OE-Core rev: 734a3e1fb5ee8ded3097a94c7ee8696518346166)

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-09-30 09:43:59 -10:00

37 lines
1.1 KiB
Diff
Raw Blame History

From 58b6e97a9eef866e9e479fb781aaaf59fb11ef36 Mon Sep 17 00:00:00 2001
From: Christian Göttsche <cgzones@googlemail.com>
Date: Mon Apr 25 12:17:40 2022 +0200
Subject: [PATCH 1/2] passwd: erase password copy on all error branches
CVE: CVE-2023-4641
Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/58b6e97a9eef866e9e479fb781aaaf59fb11ef36]
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
---
src/passwd.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/passwd.c b/src/passwd.c
index 80531ec..8c6f81a 100644
--- a/src/passwd.c
+++ b/src/passwd.c
@@ -289,6 +289,7 @@ static int new_password (const struct passwd *pw)
cp = getpass (_("New password: "));
if (NULL == cp) {
memzero (orig, sizeof orig);
+ memzero (pass, sizeof pass);
return -1;
}
if (warned && (strcmp (pass, cp) != 0)) {
@@ -316,6 +317,7 @@ static int new_password (const struct passwd *pw)
cp = getpass (_("Re-enter new password: "));
if (NULL == cp) {
memzero (orig, sizeof orig);
+ memzero (pass, sizeof pass);
return -1;
}
if (strcmp (cp, pass) != 0) {
--
2.40.0
Reference in New Issue View Git Blame Copy Permalink