aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMingli Yu <mingli.yu@windriver.com>2021-08-16 16:03:45 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2021-08-17 09:52:18 +0100
commitad8c62f988017e1e4da1f5ed7fb6f4a5ce44844e (patch)
treed21dd6ed2de3e3c17cbd86cbd2a14b97afb62c54
parent3939b1923387d3bc440118ed1663d28a03a1ea5d (diff)
downloadopenembedded-core-contrib-ad8c62f988017e1e4da1f5ed7fb6f4a5ce44844e.tar.gz
openembedded-core-contrib-ad8c62f988017e1e4da1f5ed7fb6f4a5ce44844e.tar.bz2
openembedded-core-contrib-ad8c62f988017e1e4da1f5ed7fb6f4a5ce44844e.zip
shadow: fix default value in SHA_get_salt_rounds()
Backport a patch [1] to fix chpasswd, gpasswd and passwd "hang" for several minutes (10-20min) at 100% cpu usage though they finally terminate successfully. [1] https://github.com/shadow-maint/shadow/issues/393 Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-extended/shadow/files/0001-libmisc-fix-default-value-in-SHA_get_salt_rounds.patch64
-rw-r--r--meta/recipes-extended/shadow/shadow.inc1
2 files changed, 65 insertions, 0 deletions
diff --git a/meta/recipes-extended/shadow/files/0001-libmisc-fix-default-value-in-SHA_get_salt_rounds.patch b/meta/recipes-extended/shadow/files/0001-libmisc-fix-default-value-in-SHA_get_salt_rounds.patch
new file mode 100644
index 00000000000..2c9b1d06cd6
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/0001-libmisc-fix-default-value-in-SHA_get_salt_rounds.patch
@@ -0,0 +1,64 @@
+From 234e8fa7b134d1ebabfdad980a3ae5b63c046c62 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Sat, 14 Aug 2021 13:24:34 -0400
+Subject: [PATCH] libmisc: fix default value in SHA_get_salt_rounds()
+
+If SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS are both unspecified,
+use SHA_ROUNDS_DEFAULT.
+
+Previously, the code fell through, calling shadow_random(-1, -1). This
+ultimately set rounds = (unsigned long) -1, which ends up being a very
+large number! This then got capped to SHA_ROUNDS_MAX later in the
+function.
+
+The new behavior matches BCRYPT_get_salt_rounds().
+
+Bug: https://bugs.gentoo.org/808195
+Fixes: https://github.com/shadow-maint/shadow/issues/393
+
+Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/234e8fa7b134d1ebabfdad980a3ae5b63c046c62]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ libmisc/salt.c | 21 +++++++++++----------
+ 1 file changed, 11 insertions(+), 10 deletions(-)
+
+diff --git a/libmisc/salt.c b/libmisc/salt.c
+index 91d528fd..30eefb9c 100644
+--- a/libmisc/salt.c
++++ b/libmisc/salt.c
+@@ -223,20 +223,21 @@ static /*@observer@*/const unsigned long SHA_get_salt_rounds (/*@null@*/int *pre
+ if ((-1 == min_rounds) && (-1 == max_rounds)) {
+ rounds = SHA_ROUNDS_DEFAULT;
+ }
++ else {
++ if (-1 == min_rounds) {
++ min_rounds = max_rounds;
++ }
+
+- if (-1 == min_rounds) {
+- min_rounds = max_rounds;
+- }
++ if (-1 == max_rounds) {
++ max_rounds = min_rounds;
++ }
+
+- if (-1 == max_rounds) {
+- max_rounds = min_rounds;
+- }
++ if (min_rounds > max_rounds) {
++ max_rounds = min_rounds;
++ }
+
+- if (min_rounds > max_rounds) {
+- max_rounds = min_rounds;
++ rounds = (unsigned long) shadow_random (min_rounds, max_rounds);
+ }
+-
+- rounds = (unsigned long) shadow_random (min_rounds, max_rounds);
+ } else if (0 == *prefered_rounds) {
+ rounds = SHA_ROUNDS_DEFAULT;
+ } else {
+--
+2.17.1
+
diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc
index 97ffae978ab..c1e24b4f169 100644
--- a/meta/recipes-extended/shadow/shadow.inc
+++ b/meta/recipes-extended/shadow/shadow.inc
@@ -16,6 +16,7 @@ SRC_URI = "https://github.com/shadow-maint/shadow/releases/download/v${PV}/${BP}
file://shadow-relaxed-usernames.patch \
file://0001-Fix-out-of-tree-builds-with-respect-to-libsubid-incl.patch \
file://0001-libsubid-link-to-PAM-libraries.patch \
+ file://0001-libmisc-fix-default-value-in-SHA_get_salt_rounds.patch \
"
SRC_URI:append:class-target = " \