rpms/shadow-utils/FC-6 shadow-4.0.17-overflow.patch, NONE, 1.1 shadow-utils.spec, 1.87, 1.88
fedora-cvs-commits at redhat.com
Tue Nov 14 10:15:33 UTC 2006
Author: pvrabec
Update of /cvs/dist/rpms/shadow-utils/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv11354
Modified Files:
shadow-utils.spec
Added Files:
shadow-4.0.17-overflow.patch
Log Message:
- fix chpasswd and chgpasswd stack overflow (#213052)
shadow-4.0.17-overflow.patch:
chgpasswd.c | 8 ++++++--
chpasswd.c | 8 ++++++--
2 files changed, 12 insertions(+), 4 deletions(-)
--- NEW FILE shadow-4.0.17-overflow.patch ---
--- shadow-4.0.17/src/chpasswd.c.overflow 2006-11-08 11:09:32.000000000 +0100
+++ shadow-4.0.17/src/chpasswd.c 2006-11-08 13:13:15.000000000 +0100
@@ -239,9 +239,13 @@
newpwd = cp;
if (!eflg) {
if (md5flg) {
- char salt[12] = "$1$";
+ char tmp[12];
+ char salt[15] = "\0";
- strcat (salt, crypt_make_salt ());
+ strcpy( tmp, crypt_make_salt ());
+ if( !strncmp( tmp, "$1$", 3) )
+ strcat( salt, "$1$");
+ strcat( salt, tmp);
cp = pw_encrypt (newpwd, salt);
} else
cp = pw_encrypt (newpwd, crypt_make_salt ());
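Review bot: The added strcpy( tmp, crypt_make_salt ()) into char tmp[12] is still an unbounded copy onto the stack, so the fix only holds while crypt_make_salt() never returns more than 11 characters, which nothing in this hunk enforces. Bound the copy to sizeof(tmp) - 1 and terminate explicitly (or use snprintf), and build salt with bounded calls too, so that the 15-byte size (3 for "$1$", up to 11 from tmp, 1 for the NUL) is checked rather than assumed. A short comment explaining where 12 and 15 come from would help the next reader.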
--- shadow-4.0.17/src/chgpasswd.c.overflow 2006-11-08 13:13:40.000000000 +0100
+++ shadow-4.0.17/src/chgpasswd.c 2006-11-08 13:17:24.000000000 +0100
@@ -243,9 +243,13 @@
newpwd = cp;
if (!eflg) {
if (md5flg) {
- char salt[12] = "$1$";
+ char tmp[12];
+ char salt[15] = "\0";
- strcat (salt, crypt_make_salt ());
+ strcpy( tmp, crypt_make_salt ());
+ if( !strncmp( tmp, "$1$", 3) )
+ strcat( salt, "$1$");
+ strcat( salt, tmp);
cp = pw_encrypt (newpwd, salt);
} else
cp = pw_encrypt (newpwd, crypt_make_salt ());
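Review bot: The test if( !strncmp( tmp, "$1$", 3) ) in the added lines looks inverted: it is true when tmp already begins with "$1$", so salt becomes "$1$$1$..." in that case, and when tmp lacks the prefix the md5flg branch passes pw_encrypt a salt with no "$1$" marker at all. Prepend "$1$" only when strncmp returns non-zero. These lines are also a verbatim copy of the chpasswd.c change, so the same point applies there; a shared helper that builds the MD5 salt would keep the two copies from drifting.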
Index: shadow-utils.spec
===================================================================
RCS file: /cvs/dist/rpms/shadow-utils/FC-6/shadow-utils.spec,v
retrieving revision 1.87
retrieving revision 1.88
diff -u -r1.87 -r1.88
--- shadow-utils.spec 3 Nov 2006 15:23:28 -0000 1.87
+++ shadow-utils.spec 14 Nov 2006 10:15:30 -0000 1.88
@@ -5,7 +5,7 @@
Summary: Utilities for managing accounts and shadow password files.
Name: shadow-utils
Version: 4.0.17
-Release: 9%{?dist}
+Release: 10%{?dist}
Epoch: 2
URL: http://shadow.pld.org.pl/
Source0: ftp://ftp.pld.org.pl/software/shadow/shadow-%{version}.tar.bz2
@@ -23,6 +23,7 @@
Patch8: shadow-4.0.17-exitValues.patch
Patch9: shadow-4.0.17-aOption.patch
Patch10: shadow-4.0.17-auditLogging.patch
+Patch11: shadow-4.0.17-overflow.patch
License: BSD
Group: System Environment/Base
@@ -63,6 +64,7 @@
%patch8 -p1 -b .exitValues
%patch9 -p1 -b .aOption
%patch10 -p1 -b .auditLogging
+%patch11 -p1 -b .overflow
rm po/*.gmo
rm po/stamp-po
@@ -217,6 +219,9 @@
%{_mandir}/*/man8/faillog.8*
%changelog
+* Tue Nov 14 2006 Peter Vrabec <pvrabec at redhat.com> 2:4.0.17-10
+- fix chpasswd and chgpasswd stack overflow (#213052)
+
* Fri Nov 03 2006 Peter Vrabec <pvrabec at redhat.com> 2:4.0.17-9
- improve audit logging (#211659)
- improve "-l" option. Do not reset faillog if it's used (#213450).