diff --git a/ppp-2.4.5-crypt.patch b/ppp-2.4.5-crypt.patch
new file mode 100644
index 0000000..a7dffb9
--- /dev/null
+++ b/ppp-2.4.5-crypt.patch
@@ -0,0 +1,47 @@
+diff -up ppp-2.4.5/pppd/auth.c.crypt ppp-2.4.5/pppd/auth.c
+--- ppp-2.4.5/pppd/auth.c.crypt 2013-07-04 16:10:27.338463397 +0200
++++ ppp-2.4.5/pppd/auth.c 2013-07-04 16:15:00.204471203 +0200
+@@ -1515,11 +1515,19 @@ check_passwd(unit, auser, userlen, apass
+ ret = UPAP_AUTHNAK;
+ }
+ }
++
+ if (secret[0] != 0 && !login_secret) {
+- /* password given in pap-secrets - must match */
+- if ((cryptpap || strcmp(passwd, secret) != 0)
+- && strcmp(crypt(passwd, secret), secret) != 0)
+- ret = UPAP_AUTHNAK;
++ /* password given in pap-secrets - must match */
++ char *cryptbuf = NULL;
++ cryptbuf = crypt(passwd, secret);
++
++ if (cryptpap) {
++ if ((cryptbuf == NULL) || (strcmp(cryptbuf, secret) != 0))
++ ret = UPAP_AUTHNAK;
++ } else {
++ if ((strcmp(passwd, secret) != 0) && (cryptbuf == NULL || strcmp(cryptbuf, secret) != 0))
++ ret = UPAP_AUTHNAK;
++ }
+ }
+ }
+ fclose(f);
+diff -up ppp-2.4.5/pppd/session.c.crypt ppp-2.4.5/pppd/session.c
+--- ppp-2.4.5/pppd/session.c.crypt 2009-11-16 23:26:07.000000000 +0100
++++ ppp-2.4.5/pppd/session.c 2013-07-04 16:10:27.354463397 +0200
+@@ -348,9 +348,14 @@ session_start(flags, user, passwd, ttyNa
+ /*
+ * If no passwd, don't let them login if we're authenticating.
+ */
+- if (pw->pw_passwd == NULL || strlen(pw->pw_passwd) < 2
+- || strcmp(crypt(passwd, pw->pw_passwd), pw->pw_passwd) != 0)
++ if (pw->pw_passwd == NULL || strlen(pw->pw_passwd) < 2) {
+ return SESSION_FAILED;
++ } else {
++ char *cryptbuf = NULL;
++ cryptbuf = crypt(passwd, pw->pw_passwd);
++ if ((cryptbuf == NULL) || (strcmp(cryptbuf, pw->pw_passwd) != 0))
++ return SESSION_FAILED;
++ }
+ }
+
+ #endif /* #ifdef USE_PAM */
diff --git a/ppp.spec b/ppp.spec
index da373b3..eaee48b 100644
--- a/ppp.spec
+++ b/ppp.spec
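Review bot: A NULL return from crypt() is now folded into the same `UPAP_AUTHNAK` / `SESSION_FAILED` result as a wrong password, with nothing logged, in both the auth.c hunk (check_passwd) and the session.c hunk (session_start). Failing closed is the right outcome, but crypt() returns NULL when it rejects the setting string (for instance a malformed hash in pap-secrets or in the passwd entry), so an operator would see repeated authentication failures that look like bad guesses rather than a configuration fault. I would log that case separately with pppd's existing logger before rejecting, e.g. `if (cryptbuf == NULL) warn("crypt() failed while checking PAP secret: %m");`, keeping the supplied password out of the message. Separately, in auth.c `cryptbuf = crypt(passwd, secret);` now runs before the `cryptpap` test, so the hash is also computed when a plaintext secret already matches, which the old short-circuit avoided; calling it only in the branches that need it would restore that. Both functions begin and end outside the quoted hunks, so the surrounding logging and error paths are not visible here.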
@@ -1,7 +1,7 @@ Summary: The Point-to-Point Protocol daemon Name: ppp Version: 2.4.5 -Release: 30%{?dist} +Release: 31%{?dist} License: BSD and LGPLv2+ and GPLv2+ and Public Domain Group: System Environment/Daemons URL: http://www.samba.org/ppp @@ -34,6 +34,7 @@ Patch30: ppp-2.4.5-eth.patch Patch31: ppp-2.4.5-lock.patch Patch32: ppp-2.4.5-l2tp-multilink.patch Patch33: ppp-2.4.5-radius-config.patch +Patch34: ppp-2.4.5-crypt.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: pam-devel, libpcap-devel, openssl-devel @@ -86,6 +87,7 @@ This package contains the header files for building plugins for ppp. %patch31 -p1 -b .lock %patch32 -p1 -b .l2tp-multilink %patch33 -p1 -b .radius +%patch34 -p1 -b .crypt rm -f scripts/*.local rm -f scripts/*.change_resolv_conf @@ -163,6 +165,9 @@ getent group dip >/dev/null 2>&1 || groupadd -r -g 40 dip >/dev/null 2>&1 || : %doc PLUGINS %changelog +* Thu Jul 04 2013 Michal Sekletar - 2.4.5-31 +- fix possible NULL pointer dereferencing + * Wed May 29 2013 Michal Sekletar - 2.4.5-30 - make radius plugin config parser less strict - resolves : #906913