diff options
author | Ross Burton <ross.burton@intel.com> | 2013-04-12 11:19:31 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2013-04-12 16:32:39 +0100 |
commit | 31327bac1e5438a0041638332698a1e1e91640ba (patch) | |
tree | c076375faf3b857de9bc22a5b3bf0f737711849a /meta/recipes-extended/sudo/files | |
parent | 3a4ce4bd2b1ab7834edabbaf63acb18113cf1907 (diff) | |
download | openembedded-core-contrib-31327bac1e5438a0041638332698a1e1e91640ba.tar.gz |
sudo: update crypt.patch to use backport from upstream
Upstream closed my bug and rewrote the patch, so update our patch with a
backport from upstream.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/sudo/files')
-rw-r--r-- | meta/recipes-extended/sudo/files/crypt.patch | 112 |
1 files changed, 94 insertions, 18 deletions
diff --git a/meta/recipes-extended/sudo/files/crypt.patch b/meta/recipes-extended/sudo/files/crypt.patch index 53a257f52c5..d0622d372ce 100644 --- a/meta/recipes-extended/sudo/files/crypt.patch +++ b/meta/recipes-extended/sudo/files/crypt.patch @@ -1,24 +1,100 @@ -Staring from glibc 2.17 the crypt() function will error out and return NULL if -the seed or "correct" is invalid. The failure case for this is the sudo user -having a locked account in /etc/shadow, so their password is "!", which is an -invalid hash. crypt() never returned NULL previously so this is crashing in -strcmp(). - -Upstream-Status: Pending +Upstream-Status: Backport Signed-off-by: Ross Burton <ross.burton@intel.com> -Index: sudo-1.8.6p7/plugins/sudoers/auth/passwd.c -=================================================================== ---- sudo-1.8.6p7.orig/plugins/sudoers/auth/passwd.c 2013-04-11 15:26:28.456416867 +0100 -+++ sudo-1.8.6p7/plugins/sudoers/auth/passwd.c 2013-04-11 15:31:31.156421718 +0100 -@@ -96,7 +96,9 @@ +# HG changeset patch +# User Todd C. Miller <Todd.Miller@courtesan.com> +# Date 1365700240 14400 +# Node ID 887b9df243df5254e56c467a016f1b0a7a8507dd +# Parent fd7eda53cdd76aaf8336800c61005ae93de95ac7 +Check for crypt() returning NULL. Traditionally, crypt() never returned +NULL but newer versions of eglibc have a crypt() that does. Bug #598 + +diff -r fd7eda53cdd7 -r 887b9df243df plugins/sudoers/auth/passwd.c +--- a/plugins/sudoers/auth/passwd.c Thu Apr 11 09:09:53 2013 -0400 ++++ b/plugins/sudoers/auth/passwd.c Thu Apr 11 13:10:40 2013 -0400 +@@ -68,15 +68,15 @@ + char sav, *epass; + char *pw_epasswd = auth->data; + size_t pw_len; +- int error; ++ int matched = 0; + debug_decl(sudo_passwd_verify, SUDO_DEBUG_AUTH) + + pw_len = strlen(pw_epasswd); + + #ifdef HAVE_GETAUTHUID + /* Ultrix shadow passwords may use crypt16() */ +- error = strcmp(pw_epasswd, (char *) crypt16(pass, pw_epasswd)); +- if (!error) ++ epass = (char *) crypt16(pass, pw_epasswd); ++ if (epass != NULL && strcmp(pw_epasswd, epass) == 0) + debug_return_int(AUTH_SUCCESS); + #endif /* HAVE_GETAUTHUID */ + +@@ -95,12 +95,14 @@ */ epass = (char *) crypt(pass, pw_epasswd); pass[8] = sav; - if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN) -+ if (epass == NULL) -+ error = AUTH_FAILURE; -+ else if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN) - error = strncmp(pw_epasswd, epass, DESLEN); - else - error = strcmp(pw_epasswd, epass); +- error = strncmp(pw_epasswd, epass, DESLEN); +- else +- error = strcmp(pw_epasswd, epass); ++ if (epass != NULL) { ++ if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN) ++ matched = !strncmp(pw_epasswd, epass, DESLEN); ++ else ++ matched = !strcmp(pw_epasswd, epass); ++ } + +- debug_return_int(error ? AUTH_FAILURE : AUTH_SUCCESS); ++ debug_return_int(matched ? AUTH_SUCCESS : AUTH_FAILURE); + } + + int +diff -r fd7eda53cdd7 -r 887b9df243df plugins/sudoers/auth/secureware.c +--- a/plugins/sudoers/auth/secureware.c Thu Apr 11 09:09:53 2013 -0400 ++++ b/plugins/sudoers/auth/secureware.c Thu Apr 11 13:10:40 2013 -0400 +@@ -73,30 +73,28 @@ + sudo_secureware_verify(struct passwd *pw, char *pass, sudo_auth *auth) + { + char *pw_epasswd = auth->data; ++ char *epass = NULL; + debug_decl(sudo_secureware_verify, SUDO_DEBUG_AUTH) + #ifdef __alpha + { + extern int crypt_type; + +-# ifdef HAVE_DISPCRYPT +- if (strcmp(pw_epasswd, dispcrypt(pass, pw_epasswd, crypt_type)) == 0) +- debug_return_int(AUTH_SUCCESS); +-# else +- if (crypt_type == AUTH_CRYPT_BIGCRYPT) { +- if (strcmp(pw_epasswd, bigcrypt(pass, pw_epasswd)) == 0) +- debug_return_int(AUTH_SUCCESS); +- } else if (crypt_type == AUTH_CRYPT_CRYPT16) { +- if (strcmp(pw_epasswd, crypt(pass, pw_epasswd)) == 0) +- debug_return_int(AUTH_SUCCESS); +- } ++# ifdef HAVE_DISPCRYPT ++ epass = dispcrypt(pass, pw_epasswd, crypt_type); ++# else ++ if (crypt_type == AUTH_CRYPT_BIGCRYPT) ++ epass = bigcrypt(pass, pw_epasswd); ++ else if (crypt_type == AUTH_CRYPT_CRYPT16) ++ epass = crypt(pass, pw_epasswd); + } +-# endif /* HAVE_DISPCRYPT */ ++# endif /* HAVE_DISPCRYPT */ + #elif defined(HAVE_BIGCRYPT) +- if (strcmp(pw_epasswd, bigcrypt(pass, pw_epasswd)) == 0) +- debug_return_int(AUTH_SUCCESS); ++ epass = bigcrypt(pass, pw_epasswd); + #endif /* __alpha */ + +- debug_return_int(AUTH_FAILURE); ++ if (epass != NULL && strcmp(pw_epasswd, epass) == 0) ++ debug_return_int(AUTH_SUCCESS); ++ debug_return_int(AUTH_FAILURE); + } + + int |