-rw-r--r-- | changelog | 10 | ||||
-rw-r--r-- | patches-applied/059_pam_userdb_segv | 53 |
2 files changed, 63 insertions, 0 deletions
@@ -1,3 +1,13 @@
+pam (0.79-3) unstable; urgency=low
+
+ * Patch 059
+ - Fix a segfault in pam_userdb when the new "crypt=" option
+ is unset, as will be the case for all existing users; already fixed
+ upstream. Closes: #330829.
+ - Fix a memory leak in the same code due to gratuitous strdup()s.
+
+ -- Steve Langasek <vorlon@debian.org> Fri, 30 Sep 2005 01:17:53 -0700
+
 pam (0.79-2) unstable; urgency=low
 
 The ".c.o: rm -rf $@" release
diff --git a/patches-applied/059_pam_userdb_segv b/patches-applied/059_pam_userdb_segv
new file mode 100644
index 00000000..adfafe49
--- /dev/null
+++ b/patches-applied/059_pam_userdb_segv
@@ -0,0 +1,53 @@
+Index: Linux-PAM/modules/pam_userdb/pam_userdb.c
+===================================================================
+--- Linux-PAM/modules/pam_userdb/pam_userdb.c (revision 363)
++++ Linux-PAM/modules/pam_userdb/pam_userdb.c (working copy)
+@@ -83,7 +83,7 @@
+ ctrl |= PAM_KEY_ONLY_ARG;
+ else if (!strncasecmp(*argv,"db=", 3))
+ {
+- *database = strdup((*argv) + 3);
++ *database = (*argv) + 3;
+ if ((*database == NULL) || (strlen (*database) == 0))
+ _pam_log(LOG_ERR,
+ "pam_parse: could not parse argument \"%s\"",
+@@ -91,7 +91,7 @@
+ }
+ else if (!strncasecmp(*argv,"crypt=", 6))
+ {
+- *cryptmode = strdup((*argv) + 6);
++ *cryptmode = (*argv) + 6;
+ if ((*cryptmode == NULL) || (strlen (*cryptmode) == 0))
+ _pam_log(LOG_ERR,
+ "pam_parse: could not parse argument \"%s\"",
+@@ -174,7 +174,7 @@
+ return 0; /* found it, data contents don't matter */
+ }
+
+- if (strncasecmp(cryptmode, "crypt", 5) == 0) {
++ if (cryptmode && !strncasecmp(cryptmode, "crypt", 5)) {
+
+ /* crypt(3) password storage */
+
+@@ -208,15 +208,15 @@
+ * default to plaintext password storage
+ */
+
+- if (strlen(pass) != data.dsize) {
+- compare = 1; /* wrong password len -> wrong password */
+- } else if (ctrl & PAM_ICASE_ARG) {
++ if (strlen(pass) != data.dsize) {
++ compare = 1; /* wrong password len -> wrong password */
++ } else if (ctrl & PAM_ICASE_ARG) {
+ compare = strncasecmp(data.dptr, pass, data.dsize);
+- } else {
++ } else {
+ compare = strncmp(data.dptr, pass, data.dsize);
+- }
++ }
+
+- if (strncasecmp(cryptmode, "none", 4) && ctrl & PAM_DEBUG_ARG) {
++ if (cryptmode && strncasecmp(cryptmode, "none", 4) && ctrl & PAM_DEBUG_ARG) {
+ _pam_log(LOG_INFO, "invalid value for crypt parameter: %s",
+ cryptmode);
+ _pam_log(LOG_INFO, "defaulting to plaintext password mode"); |
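Review bot: In the last inner hunk (`@@ -208,15 +208,15 @@`) the notice about an unrecognised `crypt=` value is still gated on `ctrl & PAM_DEBUG_ARG`, so without the debug option a mistyped mode falls back to plaintext comparison with nothing in the log. Because this value selects how stored passwords are verified, I would report it unconditionally and at a higher priority, e.g. `if (cryptmode && strncasecmp(cryptmode, "none", 4)) {` followed by `_pam_log(LOG_WARNING, ...)`. In the two option-parsing hunks (`@@ -83,7` and `@@ -91,7`) the `*database == NULL` and `*cryptmode == NULL` tests can no longer be true once `strdup()` is gone; `if (**cryptmode == '\0')` states what is actually checked. The pointers now alias `argv`, so any `free()` of them elsewhere in the file would have to be removed as well; that is not visible here, since the enclosing functions start and end outside these hunks.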