diff options
author | Saul Wold <sgw@linux.intel.com> | 2013-04-05 10:09:31 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2013-04-05 18:21:12 +0100 |
commit | 03034e0f5dff426ee7adaa2364082dd47c23260a (patch) | |
tree | 3f019599ae06da7cd4ec0e936c188070eccf93e8 /meta/recipes-core/tinylogin/tinylogin-1.4 | |
parent | a51041db57666c60f39c4effa4aceb53cae815dc (diff) | |
download | openembedded-core-contrib-03034e0f5dff426ee7adaa2364082dd47c23260a.tar.gz |
tinylogin: fix segfault from crypt()
In glibc 2.17, crypt() now expects 2 valid chars for the seed or
it will error out and return a NULL. The tinylogin code took the
result from crypt directly into a strcmp() which caused a segfault
Tinylogin has been deperacted, busybox now has login support, I will
investigate using busybox login support for 1.5.
[YOCTO #4097]
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core/tinylogin/tinylogin-1.4')
-rw-r--r-- | meta/recipes-core/tinylogin/tinylogin-1.4/glibc_crypt_fix.patch | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/meta/recipes-core/tinylogin/tinylogin-1.4/glibc_crypt_fix.patch b/meta/recipes-core/tinylogin/tinylogin-1.4/glibc_crypt_fix.patch new file mode 100644 index 0000000000..0a24656d09 --- /dev/null +++ b/meta/recipes-core/tinylogin/tinylogin-1.4/glibc_crypt_fix.patch @@ -0,0 +1,23 @@ + +staring from glibc 2.17 the crypt() function will error out and return +NULL if the seed or "correct" is invalid. The failure case for this is +an unknown user which tinylogin assigns '!' for the password. crypt() +now expects a minimum of 2 valid characters. If we get a NULL return +value from the crypt, assume we fail and return 0. + +Upstream-Status: Inappropriate [tinylogin depercated] +Signed-off-by: Saul Wold <sgw@linux.intel.com> + +Index: tinylogin-1.4/libbb/correct_password.c +=================================================================== +--- tinylogin-1.4.orig/libbb/correct_password.c ++++ tinylogin-1.4/libbb/correct_password.c +@@ -74,5 +74,8 @@ int correct_password ( const struct pass + } + encrypted = crypt ( unencrypted, correct ); + memset ( unencrypted, 0, xstrlen ( unencrypted )); ++ if ( !encrypted ) ++ return 0; ++ + return ( strcmp ( encrypted, correct ) == 0 ) ? 1 : 0; + } |