diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2018-05-25 23:29:36 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2018-05-31 15:18:32 -0700 |
| commit | 8ff4f2f51a6cf07fc33742ce3bee81328896e49b (patch) | |
| tree | 4a166b8389404be98a6c098babaa444e2dec8f48 /patches/source/yptools/yp-tools-2.14-glibc217-crypt.diff | |
| parent | 76fc4757ac91ac7947a01fb7b53dddf9a78a01d1 (diff) | |
| download | current-14.1.tar.gz current-14.1.tar.xz | |
Fri May 25 23:29:36 UTC 201814.1
patches/packages/glibc-zoneinfo-2018e-noarch-2_slack14.1.txz: Rebuilt.
Handle removal of US/Pacific-New timezone. If we see that the machine is
using this, it will be automatically switched to US/Pacific.
Diffstat (limited to 'patches/source/yptools/yp-tools-2.14-glibc217-crypt.diff')
| -rw-r--r-- | patches/source/yptools/yp-tools-2.14-glibc217-crypt.diff | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/patches/source/yptools/yp-tools-2.14-glibc217-crypt.diff b/patches/source/yptools/yp-tools-2.14-glibc217-crypt.diff new file mode 100644 index 000000000..148b06632 --- /dev/null +++ b/patches/source/yptools/yp-tools-2.14-glibc217-crypt.diff @@ -0,0 +1,86 @@ +Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL +(w/ NULL return) if the salt violates specifications. Additionally, +on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords +passed to crypt() fail with EPERM (w/ NULL return). + +If using glibc's crypt(), check return value to avoid a possible +NULL pointer dereference. + +Author: mancha + +==== + +--- yp-tools-2.14/src/yppasswd.c.orig 2010-04-21 ++++ yp-tools-2.14/src/yppasswd.c 2013-05-22 +@@ -423,6 +423,7 @@ static int /* return values: 0 = not ok, + verifypassword (struct passwd *pwd, char *pwdstr, uid_t uid) + { + char *p, *q; ++ char *crypted_pass; + int ucase, lcase, other, r; + int passwdlen; + +@@ -448,12 +449,19 @@ verifypassword (struct passwd *pwd, char + } + + passwdlen = get_passwd_len (pwd->pw_passwd); +- if (pwd->pw_passwd[0] +- && !strncmp (pwd->pw_passwd, crypt (pwdstr, pwd->pw_passwd), passwdlen) +- && uid) ++ if (pwd->pw_passwd[0] && uid) + { +- fputs (_("You cannot reuse the old password.\n"), stderr); +- return 0; ++ crypted_pass = crypt (pwdstr, pwd->pw_passwd); ++ if (crypted_pass == NULL) ++ { ++ fputs (_("crypt() call failed.\n"), stderr); ++ return 0; ++ } ++ if (!strncmp (pwd->pw_passwd, crypted_pass, passwdlen)) ++ { ++ fputs (_("You cannot reuse the old password.\n"), stderr); ++ return 0; ++ } + } + + r = 0; +@@ -517,6 +525,7 @@ int + main (int argc, char **argv) + { + char *s, *progname, *domainname = NULL, *user = NULL, *master = NULL; ++ char *crypted_pass; + int f_flag = 0, l_flag = 0, p_flag = 0, error, status; + int hash_id = DES; + char rounds[11] = "\0"; /* max length is '999999999$' */ +@@ -738,7 +747,13 @@ main (int argc, char **argv) + char *sane_passwd = alloca (passwdlen + 1); + strncpy (sane_passwd, pwd->pw_passwd, passwdlen); + sane_passwd[passwdlen] = 0; +- if (strcmp (crypt (s, sane_passwd), sane_passwd)) ++ crypted_pass = crypt (s, sane_passwd); ++ if (crypted_pass == NULL) ++ { ++ fprintf (stderr, _("crypt() call failed.\n")); ++ return 1; ++ } ++ if (strcmp (crypted_pass, sane_passwd)) + { + fprintf (stderr, _("Sorry.\n")); + return 1; +@@ -833,7 +848,14 @@ main (int argc, char **argv) + break; + } + +- yppwd.newpw.pw_passwd = strdup (crypt (buf, salt)); ++ crypted_pass = crypt (buf, salt); ++ if (crypted_pass == NULL) ++ { ++ printf (_("crypt() call failed - password unchanged.\n")); ++ return 1; ++ } ++ ++ yppwd.newpw.pw_passwd = strdup (crypted_pass); + } + + if (f_flag) |