diff options
| author |   Mingli Yu <mingli.yu@windriver.com> | 2021-08-16 16:03:45 +0800 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-08-17 09:52:18 +0100 |
| commit | ad8c62f988017e1e4da1f5ed7fb6f4a5ce44844e (patch) | |
| tree | d21dd6ed2de3e3c17cbd86cbd2a14b97afb62c54 | |
| parent | 3939b1923387d3bc440118ed1663d28a03a1ea5d (diff) | |
| download | openembedded-core-contrib-ad8c62f988017e1e4da1f5ed7fb6f4a5ce44844e.tar.gz | |
shadow: fix default value in SHA_get_salt_rounds()
Backport a patch [1] to fix chpasswd, gpasswd and passwd "hang" for
several minutes (10-20min) at 100% cpu usage though they finally
terminate successfully.
[1] https://github.com/shadow-maint/shadow/issues/393
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-extended/shadow/files/0001-libmisc-fix-default-value-in-SHA_get_salt_rounds.patch | 64 | ||||
| -rw-r--r-- | meta/recipes-extended/shadow/shadow.inc | 1 |
2 files changed, 65 insertions, 0 deletions
diff --git a/meta/recipes-extended/shadow/files/0001-libmisc-fix-default-value-in-SHA_get_salt_rounds.patch b/meta/recipes-extended/shadow/files/0001-libmisc-fix-default-value-in-SHA_get_salt_rounds.patch new file mode 100644 index 0000000000..2c9b1d06cd --- /dev/null +++ b/meta/recipes-extended/shadow/files/0001-libmisc-fix-default-value-in-SHA_get_salt_rounds.patch @@ -0,0 +1,64 @@ +From 234e8fa7b134d1ebabfdad980a3ae5b63c046c62 Mon Sep 17 00:00:00 2001 +From: Mike Gilbert <floppym@gentoo.org> +Date: Sat, 14 Aug 2021 13:24:34 -0400 +Subject: [PATCH] libmisc: fix default value in SHA_get_salt_rounds() + +If SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS are both unspecified, +use SHA_ROUNDS_DEFAULT. + +Previously, the code fell through, calling shadow_random(-1, -1). This +ultimately set rounds = (unsigned long) -1, which ends up being a very +large number! This then got capped to SHA_ROUNDS_MAX later in the +function. + +The new behavior matches BCRYPT_get_salt_rounds(). + +Bug: https://bugs.gentoo.org/808195 +Fixes: https://github.com/shadow-maint/shadow/issues/393 + +Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/234e8fa7b134d1ebabfdad980a3ae5b63c046c62] + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + libmisc/salt.c | 21 +++++++++++---------- + 1 file changed, 11 insertions(+), 10 deletions(-) + +diff --git a/libmisc/salt.c b/libmisc/salt.c +index 91d528fd..30eefb9c 100644 +--- a/libmisc/salt.c ++++ b/libmisc/salt.c +@@ -223,20 +223,21 @@ static /*@observer@*/const unsigned long SHA_get_salt_rounds (/*@null@*/int *pre + if ((-1 == min_rounds) && (-1 == max_rounds)) { + rounds = SHA_ROUNDS_DEFAULT; + } ++ else { ++ if (-1 == min_rounds) { ++ min_rounds = max_rounds; ++ } + +- if (-1 == min_rounds) { +- min_rounds = max_rounds; +- } ++ if (-1 == max_rounds) { ++ max_rounds = min_rounds; ++ } + +- if (-1 == max_rounds) { +- max_rounds = min_rounds; +- } ++ if (min_rounds > max_rounds) { ++ max_rounds = min_rounds; ++ } + +- if (min_rounds > max_rounds) { +- max_rounds = min_rounds; ++ rounds = (unsigned long) shadow_random (min_rounds, max_rounds); + } +- +- rounds = (unsigned long) shadow_random (min_rounds, max_rounds); + } else if (0 == *prefered_rounds) { + rounds = SHA_ROUNDS_DEFAULT; + } else { +-- +2.17.1 + diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc index 97ffae978a..c1e24b4f16 100644 --- a/meta/recipes-extended/shadow/shadow.inc +++ b/meta/recipes-extended/shadow/shadow.inc @@ -16,6 +16,7 @@ SRC_URI = "https://github.com/shadow-maint/shadow/releases/download/v${PV}/${BP} file://shadow-relaxed-usernames.patch \ file://0001-Fix-out-of-tree-builds-with-respect-to-libsubid-incl.patch \ file://0001-libsubid-link-to-PAM-libraries.patch \ + file://0001-libmisc-fix-default-value-in-SHA_get_salt_rounds.patch \ " SRC_URI:append:class-target = " \ |