diff options
Diffstat (limited to 'meta/recipes-extended/shadow/files/CVE-2023-4641-0001.patch')
-rw-r--r-- | meta/recipes-extended/shadow/files/CVE-2023-4641-0001.patch | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/meta/recipes-extended/shadow/files/CVE-2023-4641-0001.patch b/meta/recipes-extended/shadow/files/CVE-2023-4641-0001.patch new file mode 100644 index 0000000000..2d3c462f4d --- /dev/null +++ b/meta/recipes-extended/shadow/files/CVE-2023-4641-0001.patch @@ -0,0 +1,36 @@ +From 58b6e97a9eef866e9e479fb781aaaf59fb11ef36 Mon Sep 17 00:00:00 2001 +From: Christian Göttsche <cgzones@googlemail.com> +Date: Mon Apr 25 12:17:40 2022 +0200 +Subject: [PATCH 1/2] passwd: erase password copy on all error branches + +CVE: CVE-2023-4641 + +Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/58b6e97a9eef866e9e479fb781aaaf59fb11ef36] + +Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> +--- + src/passwd.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/passwd.c b/src/passwd.c +index 80531ec..8c6f81a 100644 +--- a/src/passwd.c ++++ b/src/passwd.c +@@ -289,6 +289,7 @@ static int new_password (const struct passwd *pw) + cp = getpass (_("New password: ")); + if (NULL == cp) { + memzero (orig, sizeof orig); ++ memzero (pass, sizeof pass); + return -1; + } + if (warned && (strcmp (pass, cp) != 0)) { +@@ -316,6 +317,7 @@ static int new_password (const struct passwd *pw) + cp = getpass (_("Re-enter new password: ")); + if (NULL == cp) { + memzero (orig, sizeof orig); ++ memzero (pass, sizeof pass); + return -1; + } + if (strcmp (cp, pass) != 0) { +-- +2.40.0 |