From 1295a7f472e3ed9363c1e36337783a9d82f5492c Mon Sep 17 00:00:00 2001
From: Peter Vrabec
Date: Tue, 14 Nov 2006 10:07:36 +0000
Subject: [PATCH] fix chpasswd and chgpasswd stack overflow (#213052)
---
 shadow-4.0.18.1-overflow.patch | 36 ++++++++++++++++++++++++++++++++++
 shadow-utils.spec | 7 ++++++-
 2 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 shadow-4.0.18.1-overflow.patch
diff --git a/shadow-4.0.18.1-overflow.patch b/shadow-4.0.18.1-overflow.patch
new file mode 100644
index 0000000..1fb7a42
--- /dev/null
+++ b/shadow-4.0.18.1-overflow.patch
@@ -0,0 +1,36 @@
+--- shadow-4.0.17/src/chpasswd.c.overflow 2006-11-08 11:09:32.000000000 +0100
++++ shadow-4.0.17/src/chpasswd.c 2006-11-08 13:13:15.000000000 +0100
+@@ -239,9 +239,13 @@
+ newpwd = cp;
+ if (!eflg) {
+ if (md5flg) {
+- char salt[12] = "$1$";
++ char tmp[12];
++ char salt[15] = "\0";
+ 
+- strcat (salt, crypt_make_salt ());
++ strcpy( tmp, crypt_make_salt ());
++ if( !strncmp( tmp, "$1$", 3) )
++ strcat( salt, "$1$");
++ strcat( salt, tmp);
+ cp = pw_encrypt (newpwd, salt);
+ } else
+ cp = pw_encrypt (newpwd, crypt_make_salt ());
+--- shadow-4.0.17/src/chgpasswd.c.overflow 2006-11-08 13:13:40.000000000 +0100
++++ shadow-4.0.17/src/chgpasswd.c 2006-11-08 13:17:24.000000000 +0100
+@@ -243,9 +243,13 @@
+ newpwd = cp;
+ if (!eflg) {
+ if (md5flg) {
+- char salt[12] = "$1$";
++ char tmp[12];
++ char salt[15] = "\0";
+ 
+- strcat (salt, crypt_make_salt ());
++ strcpy( tmp, crypt_make_salt ());
++ if( !strncmp( tmp, "$1$", 3) )
++ strcat( salt, "$1$");
++ strcat( salt, tmp);
+ cp = pw_encrypt (newpwd, salt);
+ } else
+ cp = pw_encrypt (newpwd, crypt_make_salt ());
diff --git a/shadow-utils.spec b/shadow-utils.spec
index 3bc9c7a..80230d9 100644
--- a/shadow-utils.spec
+++ b/shadow-utils.spec
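Review bot: The added test `if( !strncmp( tmp, "$1$", 3) )` looks inverted: `strncmp` returns 0 on a match, so `"$1$"` is prepended only when `crypt_make_salt()` has already returned it, and is left out when it has not. As written, `salt` becomes `$1$$1$…` in the first case, which crypt() may treat as an empty or malformed MD5 salt, and in the second case the `md5flg` branch would pass a salt with no MD5 prefix at all; this should be confirmed against `crypt_make_salt()`, which is not visible here. I would change the test to `if (strncmp (tmp, "$1$", 3) != 0)` and replace the unchecked `strcpy( tmp, crypt_make_salt ());` with a bounded copy that fails on truncation, since `tmp[12]` is only safe while the helper never returns more than 11 characters. The same lines appear in both embedded hunks (chpasswd.c and chgpasswd.c), and the enclosing loop starts and ends outside them.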
@@ -5,7 +5,7 @@ Summary: Utilities for managing accounts and shadow password files. Name: shadow-utils Version: 4.0.18.1 -Release: 3%{?dist} +Release: 4%{?dist} Epoch: 2 URL: http://shadow.pld.org.pl/ Source0: ftp://ftp.pld.org.pl/software/shadow/shadow-%{version}.tar.bz2 @@ -22,6 +22,7 @@ Patch6: shadow-4.0.17-notInheritFd.patch Patch7: shadow-4.0.17-exitValues.patch Patch8: shadow-4.0.17-auditLogging.patch Patch9: shadow-4.0.18.1-gid.patch +Patch10: shadow-4.0.18.1-overflow.patch License: BSD Group: System Environment/Base @@ -61,6 +62,7 @@ cp %{SOURCE3} lib/nscd.c %patch7 -p1 -b .exitValues %patch8 -p1 -b .auditLogging %patch9 -p1 -b .gid +%patch10 -p1 -b .overflow rm po/*.gmo rm po/stamp-po @@ -215,6 +217,9 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/*/man8/faillog.8* %changelog +* Tue Nov 14 2006 Peter Vrabec 2:4.0.18.1-4 +- fix chpasswd and chgpasswd stack overflow (#213052) + * Sat Nov 04 2006 Peter Vrabec 2:4.0.18.1-3 - fix "-g" and "-G" option.