- fix regression in pam_set_item

Tomáš Mráz 2008-04-07 09:45:21 +00:00
parent 1fa0a9e893
commit 2613b27a52
2 changed files with 71 additions and 1 deletions

65
pam-1.0.0-set-item.patch Normal file

@ -0,0 +1,65 @@
Index: pam_item.c
===================================================================
RCS file: /cvsroot/pam/Linux-PAM/libpam/pam_item.c,v
retrieving revision 1.16
diff -u -p -r1.16 pam_item.c
--- libpam/pam_item.c 3 Mar 2008 13:23:45 -0000 1.16
+++ libpam/pam_item.c 7 Apr 2008 09:04:50 -0000
@@ -11,13 +11,15 @@
#include <string.h>
#include <syslog.h>
-#define TRY_SET(X, Y) \
-{ \
- char *_TMP_ = _pam_strdup(Y); \
- if (_TMP_ == NULL && (Y) != NULL) \
- return PAM_BUF_ERR; \
- free(X); \
- (X) = _TMP_; \
+#define TRY_SET(X, Y) \
+{ \
+ if ((X) != (Y)) { \
+ char *_TMP_ = _pam_strdup(Y); \
+ if (_TMP_ == NULL && (Y) != NULL) \
+ return PAM_BUF_ERR; \
+ free(X); \
+ (X) = _TMP_; \
+ } \
}
/* functions */
@@ -76,8 +78,10 @@ int pam_set_item (pam_handle_t *pamh, in
* modules.
*/
if (__PAM_FROM_MODULE(pamh)) {
- _pam_overwrite(pamh->authtok);
- TRY_SET(pamh->authtok, item);
+ if (pamh->authtok != item) {
+ _pam_overwrite(pamh->authtok);
+ TRY_SET(pamh->authtok, item);
+ }
} else {
retval = PAM_BAD_ITEM;
}
@@ -90,8 +94,10 @@ int pam_set_item (pam_handle_t *pamh, in
* modules.
*/
if (__PAM_FROM_MODULE(pamh)) {
- _pam_overwrite(pamh->oldauthtok);
- TRY_SET(pamh->oldauthtok, item);
+ if (pamh->oldauthtok != item) {
+ _pam_overwrite(pamh->oldauthtok);
+ TRY_SET(pamh->oldauthtok, item);
+ }
} else {
retval = PAM_BAD_ITEM;
}
@@ -130,6 +136,8 @@ int pam_set_item (pam_handle_t *pamh, in
break;
case PAM_XAUTHDATA:
+ if (&pamh->xauth == item)
+ break;
if (pamh->xauth.namelen) {
_pam_overwrite(pamh->xauth.name);
free(pamh->xauth.name);
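Review bot: In the `pamh->authtok` branch of pam_set_item, the new `pamh->authtok != item` guard covers only exact aliasing, because `_pam_overwrite(pamh->authtok)` still runs before TRY_SET duplicates `item`. An `item` that points elsewhere inside the stored token would still be wiped before it is copied, and a failed duplication returns PAM_BUF_ERR with the old token already overwritten (assuming `_pam_overwrite` clears the buffer; its definition is not shown). Duplicating first, then overwriting and freeing the old value, removes the ordering dependency and makes the pointer comparison unnecessary; the same applies to the `pamh->oldauthtok` branch. The `&pamh->xauth == item` check under PAM_XAUTHDATA looks to have the same limit for a distinct struct whose members alias the stored ones, but the rest of that case, like the start and end of the function, is outside these hunks.

```c
if (__PAM_FROM_MODULE(pamh)) {
    /* Copy before wiping so any overlap between item and the stored token is harmless. */
    char *new_tok = _pam_strdup(item);
    if (new_tok == NULL && item != NULL)
        return PAM_BUF_ERR;
    _pam_overwrite(pamh->authtok);
    free(pamh->authtok);
    pamh->authtok = new_tok;
/* … unchanged: else branch setting retval = PAM_BAD_ITEM … */
```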


@ -5,7 +5,7 @@
Summary: A security tool which provides authentication for applications
Name: pam
Version: 1.0.0
Release: 1%{?dist}
Release: 2%{?dist}
# The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
# as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
# pam_rhosts_auth module is BSD with advertising
@ -25,6 +25,7 @@ Source11: 90-nproc.conf
Patch1: pam-0.99.7.0-redhat-modules.patch
Patch2: db-4.6.18-glibc.patch
Patch4: pam-0.99.8.1-dbpam.patch
Patch10: pam-1.0.0-set-item.patch
Patch21: pam-0.99.10.0-unix-audit-failed.patch
Patch31: pam-0.99.3.0-cracklib-try-first-pass.patch
Patch32: pam-0.99.3.0-tally-fail-close.patch
@ -100,6 +101,7 @@ pushd db-%{db_version}
%patch2 -p1 -b .db4-glibc
popd
%patch4 -p1 -b .dbpam
%patch10 -p0 -b .setitem
%patch21 -p1 -b .audit-failed
%patch31 -p1 -b .try-first-pass
%patch32 -p1 -b .fail-close
@ -372,6 +374,9 @@ fi
%doc doc/adg/*.txt doc/adg/html
%changelog
* Mon Apr 7 2008 Tomas Mraz <tmraz@redhat.com> 1.0.0-2
- fix regression in pam_set_item
* Fri Apr 4 2008 Tomas Mraz <tmraz@redhat.com> 1.0.0-1
- upgrade to new upstream release (bugfix only)