diff options
| author |   Ross Burton <ross.burton@intel.com> | 2013-04-11 15:57:58 +0100 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2013-04-11 16:12:00 +0100 |
| commit | 06d7078f7631b92e8b789f8e94a3a346d8181ce6 (patch) | |
| tree | d6be0659ffe8819f666fe47088385a56f63d674e /meta/recipes-extended/sudo | |
| parent | ed03b850daf223ed89f8524e22fb28e259c3286a (diff) | |
| download | openembedded-core-contrib-06d7078f7631b92e8b789f8e94a3a346d8181ce6.tar.gz | |
sudo: handle glibc 2.17 crypt semantics
Staring from glibc 2.17 the crypt() function will error out and return NULL if
the seed or "correct" is invalid. The failure case for this is the sudo user
having a locked account in /etc/shadow, so their password is "!", which is an
invalid hash. crypt() never returned NULL previously so this is crashing in
strcmp().
[ YOCTO #4241 ]
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/sudo')
| -rw-r--r-- | meta/recipes-extended/sudo/files/crypt.patch | 24 | ||||
| -rw-r--r-- | meta/recipes-extended/sudo/sudo_1.8.6p7.bb | 1 |
2 files changed, 25 insertions, 0 deletions
diff --git a/meta/recipes-extended/sudo/files/crypt.patch b/meta/recipes-extended/sudo/files/crypt.patch new file mode 100644 index 00000000000..53a257f52c5 --- /dev/null +++ b/meta/recipes-extended/sudo/files/crypt.patch @@ -0,0 +1,24 @@ +Staring from glibc 2.17 the crypt() function will error out and return NULL if +the seed or "correct" is invalid. The failure case for this is the sudo user +having a locked account in /etc/shadow, so their password is "!", which is an +invalid hash. crypt() never returned NULL previously so this is crashing in +strcmp(). + +Upstream-Status: Pending +Signed-off-by: Ross Burton <ross.burton@intel.com> + +Index: sudo-1.8.6p7/plugins/sudoers/auth/passwd.c +=================================================================== +--- sudo-1.8.6p7.orig/plugins/sudoers/auth/passwd.c 2013-04-11 15:26:28.456416867 +0100 ++++ sudo-1.8.6p7/plugins/sudoers/auth/passwd.c 2013-04-11 15:31:31.156421718 +0100 +@@ -96,7 +96,9 @@ + */ + epass = (char *) crypt(pass, pw_epasswd); + pass[8] = sav; +- if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN) ++ if (epass == NULL) ++ error = AUTH_FAILURE; ++ else if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN) + error = strncmp(pw_epasswd, epass, DESLEN); + else + error = strcmp(pw_epasswd, epass); diff --git a/meta/recipes-extended/sudo/sudo_1.8.6p7.bb b/meta/recipes-extended/sudo/sudo_1.8.6p7.bb index b79d0d58d8c..7198fd3c149 100644 --- a/meta/recipes-extended/sudo/sudo_1.8.6p7.bb +++ b/meta/recipes-extended/sudo/sudo_1.8.6p7.bb @@ -4,6 +4,7 @@ PR = "r0" SRC_URI = "http://ftp.sudo.ws/sudo/dist/sudo-${PV}.tar.gz \ file://libtool.patch \ + file://crypt.patch \ ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)}" PAM_SRC_URI = "file://sudo.pam" |