From 984b113a7d1f757d7695b544497cb7ad36400816 Mon Sep 17 00:00:00 2001
From: Kees Cook
Date: Thu, 27 Oct 2011 17:49:16 -0700
Subject: * debian/patches-applied/pam_env-fix-overflow.patch: fix stack overflow in environment file parsing (CVE-2011-3148). * debian/patches-applied/pam_env-fix-dos.patch: fix DoS in environment file parsing (CVE-2011-3149).
---
debian/patches-applied/pam_env-fix-overflow.patch | 29 +++++++++++++++++++++++
1 file changed, 29 insertions(+)
create mode 100644 debian/patches-applied/pam_env-fix-overflow.patch
(limited to 'debian/patches-applied/pam_env-fix-overflow.patch')
diff --git a/debian/patches-applied/pam_env-fix-overflow.patch b/debian/patches-applied/pam_env-fix-overflow.patch
new file mode 100644
index 00000000..7797359a
--- /dev/null
+++ b/debian/patches-applied/pam_env-fix-overflow.patch
@@ -0,0 +1,29 @@
+Description: correctly count leading whitespace when parsing environment
+ file (CVE-2011-3148).
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874469
+Author: Kees Cook
+
+Index: pam-debian/modules/pam_env/pam_env.c
+===================================================================
+--- pam-debian.orig/modules/pam_env/pam_env.c 2011-10-14 10:51:30.973701139 -0700
++++ pam-debian/modules/pam_env/pam_env.c 2011-10-14 12:32:25.578188004 -0700
+@@ -287,6 +287,7 @@
+ char *p = buffer;
+ char *s, *os;
+ int used = 0;
++ int whitespace;
+
+ /* loop broken with a 'break' when a non-'\\n' ended line is read */
+
+@@ -309,8 +310,10 @@
+
+ /* skip leading spaces --- line may be blank */
+
+- s = p + strspn(p, " \n\t");
++ whitespace = strspn(p, " \n\t");
++ s = p + whitespace;
+ if (*s && (*s != '#')) {
++ used += whitespace;
+ os = s;
+
+ /*
--
cgit v1.2.3
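Review bot: The new `used += whitespace;` sits only inside the `if (*s && (*s != '#'))` branch of the inner patch, and nothing there records why, so the accounting that this CVE-2011-3148 fix restores is easy to break again. I would add a comment above it such as `/* keep 'used' in step with how far the data starts into buffer, skipped whitespace included */`. The blank-line and comment-line path, and the code that consumes `used`, lie outside both inner hunks, so it is worth confirming that this path leaves `p` unchanged; otherwise the count would still drift. Separately, `strspn()` returns `size_t` but is stored in `int whitespace`; the value is presumably bounded by the buffer length, yet declaring it `size_t` and writing `used += (int)whitespace;` would make the narrowing explicit.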