author Patrick J Volkerding <volkerdi@slackware.com>2019-03-05 22:54:06 +0000
committer Eric Hameleers <alien@slackware.com>2019-03-06 08:59:47 +0100
commit3795d8d3c2a562a61c9a35d2dc839405700f3044 (patch)
tree18de662dd14a91e7967b941e13a05e2921546c14 /source/x/x11/patch/xdm/xdm.glibc.crypt.diff
parent490bd1ff02b9d0e37a0aec334c1be80d54ed3ab6 (diff)
Tue Mar 5 22:54:06 UTC 201920190305225406
a/hwdata-0.321-noarch-1.txz: Upgraded. a/kernel-generic-4.19.27-x86_64-1.txz: Upgraded. a/kernel-huge-4.19.27-x86_64-1.txz: Upgraded. a/kernel-modules-4.19.27-x86_64-1.txz: Upgraded. d/kernel-headers-4.19.27-x86-1.txz: Upgraded. k/kernel-source-4.19.27-noarch-1.txz: Upgraded. l/M2Crypto-0.32.0-x86_64-1.txz: Upgraded. l/imagemagick-6.9.10_32-x86_64-1.txz: Upgraded. n/dovecot-2.3.5-x86_64-1.txz: Upgraded. x/xdm-1.1.11-x86_64-9.txz: Rebuilt. Reverted to xdm-1.1.11, as the new release after 7 years has some issues. isolinux/initrd.img: Rebuilt. kernels/*: Upgraded. usb-and-pxe-installers/usbboot.img: Rebuilt.
Diffstat (limited to '')
-rw-r--r--source/x/x11/patch/xdm/xdm.glibc.crypt.diff42
1 files changed, 42 insertions, 0 deletions
diff --git a/source/x/x11/patch/xdm/xdm.glibc.crypt.diff b/source/x/x11/patch/xdm/xdm.glibc.crypt.diff
new file mode 100644
index 000000000..076df37dc
--- /dev/null
+++ b/source/x/x11/patch/xdm/xdm.glibc.crypt.diff
@@ -0,0 +1,42 @@
+From 8d1eb5c74413e4c9a21f689fc106949b121c0117 Mon Sep 17 00:00:00 2001
+From: mancha <mancha1@hush.com>
+Date: Wed, 22 May 2013 14:20:26 +0000
+Subject: Handle NULL returns from glibc 2.17+ crypt().
+
+Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL
+(w/ NULL return) if the salt violates specifications. Additionally,
+on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords
+passed to crypt() fail with EPERM (w/ NULL return).
+
+If using glibc's crypt(), check return value to avoid a possible
+NULL pointer dereference.
+
+Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+diff --git a/greeter/verify.c b/greeter/verify.c
+index db3cb7d..b009e2b 100644
+--- a/greeter/verify.c
++++ b/greeter/verify.c
+@@ -329,6 +329,7 @@ Verify (struct display *d, struct greet_info *greet, struct verify_info *verify)
+ struct spwd *sp;
+ # endif
+ char *user_pass = NULL;
++ char *crypted_pass = NULL;
+ # endif
+ # ifdef __OpenBSD__
+ char *s;
+@@ -464,7 +465,9 @@ Verify (struct display *d, struct greet_info *greet, struct verify_info *verify)
+ # if defined(ultrix) || defined(__ultrix__)
+ if (authenticate_user(p, greet->password, NULL) < 0)
+ # else
+- if (strcmp (crypt (greet->password, user_pass), user_pass))
++ crypted_pass = crypt (greet->password, user_pass);
++ if ((crypted_pass == NULL)
++ || (strcmp (crypted_pass, user_pass)))
+ # endif
+ {
+ if(!greet->allow_null_passwd || strlen(p->pw_passwd) > 0) {
+--
+cgit v0.9.0.2-2-gbebe
+
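Review bot: The new guard at `if ((crypted_pass == NULL) || (strcmp (crypted_pass, user_pass)))` folds a crypt() failure into the wrong-password path without recording the cause, so the EINVAL and EPERM cases named in the commit message are indistinguishable from a mistyped password when an administrator reads the logs. Capturing errno directly after `crypted_pass = crypt (greet->password, user_pass);` and reporting it through the file's existing logging helper in the NULL case would make FIPS or malformed-salt lockouts diagnosable; a short comment such as `/* glibc 2.17+: crypt() returns NULL on EINVAL/EPERM; treat as failed auth */` would also document why the check exists. The block that follows tests `p->pw_passwd` rather than `user_pass` in `if(!greet->allow_null_passwd || strlen(p->pw_passwd) > 0)`, and its body continues outside the hunk, so it is worth confirming there that a NULL crypt() result always ends in rejection when the stored hash is non-empty. Verify() itself starts and ends outside the hunk.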