Attachment 576626 Details for Bug 811402 – patch for crasher

[patch] patch for crasher

pam-1.1.5-rhbz811402.patch (text/plain), 1.49 KB, created by Paul Wouters on 2012-04-10 22:56:53 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Paul Wouters

Created: 2012-04-10 22:56:53 UTC

Size: 1.49 KB

patch

obsolete

>diff -Naur Linux-PAM-1.1.5.old/modules/pam_unix/pam_unix_passwd.c Linux-PAM-1.1.5/modules/pam_unix/pam_unix_passwd.c
>--- Linux-PAM-1.1.5.old/modules/pam_unix/pam_unix_passwd.c	2012-04-10 18:28:21.730000001 -0400
>+++ Linux-PAM-1.1.5/modules/pam_unix/pam_unix_passwd.c	2012-04-10 18:45:00.240974523 -0400
>@@ -798,7 +798,7 @@
> 		tpass = create_password_hash(pamh, pass_new, ctrl, rounds);
> 		if (tpass == NULL) {
> 			pam_syslog(pamh, LOG_CRIT,
>-				"out of memory for password");
>+				"crypt() failure or out of memory for password");
> 			pass_new = pass_old = NULL;	/* tidy up */
> 			unlock_pwdf();
> 			return PAM_BUF_ERR;
>diff -Naur Linux-PAM-1.1.5.old/modules/pam_unix/passverify.c Linux-PAM-1.1.5/modules/pam_unix/passverify.c
>--- Linux-PAM-1.1.5.old/modules/pam_unix/passverify.c	2011-06-21 05:04:56.000000000 -0400
>+++ Linux-PAM-1.1.5/modules/pam_unix/passverify.c	2012-04-10 18:47:14.145010719 -0400
>@@ -424,7 +424,7 @@
> 	}
> #endif
> 	sp = crypt(password, salt);
>-	if (strncmp(algoid, sp, strlen(algoid)) != 0) {
>+	if (!sp || strncmp(algoid, sp, strlen(algoid)) != 0) {
> 		/* libxcrypt/libc doesn't know the algorithm, use MD5 */
> 		pam_syslog(pamh, LOG_ERR,
> 			   "Algo %s not supported by the crypto backend, "
>@@ -432,7 +432,9 @@
> 			   on(UNIX_BLOWFISH_PASS, ctrl) ? "blowfish" :
> 			   on(UNIX_SHA256_PASS, ctrl) ? "sha256" :
> 			   on(UNIX_SHA512_PASS, ctrl) ? "sha512" : algoid);
>-		memset(sp, '\0', strlen(sp));
>+		if(sp) {
>+		   memset(sp, '\0', strlen(sp));
>+		}
> 		return crypt_md5_wrapper(password);
> 	}
>

Actions: View | Diff

Attachments on bug 811402: 576626