Gentoo Archives: gentoo-commits

From: "Chi-Thanh Christopher Nguyen (chithanh)" <chithanh@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in x11-apps/xdm/files: xdm-1.1.11-cve-2013-2179.patch
Date: Tue, 02 Jul 2013 09:57:53
Message-Id: 20130702095747.A4F2C2171D@flycatcher.gentoo.org
chithanh 13/07/02 09:57:47

Added: xdm-1.1.11-cve-2013-2179.patch
Log:
Add patch for security bug #473120. Make xdm-auth optional, bug #445662.

(Portage version: 2.1.12.2/cvs/Linux x86_64, unsigned Manifest commit)

Revision Changes Path
1.1 x11-apps/xdm/files/xdm-1.1.11-cve-2013-2179.patch

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/x11-apps/xdm/files/xdm-1.1.11-cve-2013-2179.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/x11-apps/xdm/files/xdm-1.1.11-cve-2013-2179.patch?rev=1.1&content-type=text/plain

Index: xdm-1.1.11-cve-2013-2179.patch
===================================================================
From 8d1eb5c74413e4c9a21f689fc106949b121c0117 Mon Sep 17 00:00:00 2001
From: mancha <mancha1@××××.com>
Date: Wed, 22 May 2013 14:20:26 +0000
Subject: Handle NULL returns from glibc 2.17+ crypt().

Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL
(w/ NULL return) if the salt violates specifications. Additionally,
on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords
passed to crypt() fail with EPERM (w/ NULL return).

If using glibc's crypt(), check return value to avoid a possible
NULL pointer dereference.

Reviewed-by: Matthieu Herrb <matthieu@×××××.eu>
Signed-off-by: Alan Coopersmith <alan.coopersmith@××××××.com>
---
33 diff --git a/greeter/verify.c b/greeter/verify.c
34 index db3cb7d..b009e2b 100644
35 --- a/greeter/verify.c
36 +++ b/greeter/verify.c
37 @@ -329,6 +329,7 @@ Verify (struct display *d, struct greet_info *greet, struct verify_info *verify)
38 struct spwd *sp;
39 # endif
40 char *user_pass = NULL;
41 + char *crypted_pass = NULL;
42 # endif
43 # ifdef __OpenBSD__
44 char *s;
45 @@ -464,7 +465,9 @@ Verify (struct display *d, struct greet_info *greet, struct verify_info *verify)
46 # if defined(ultrix) || defined(__ultrix__)
47 if (authenticate_user(p, greet->password, NULL) < 0)
48 # else
49 - if (strcmp (crypt (greet->password, user_pass), user_pass))
50 + crypted_pass = crypt (greet->password, user_pass);
51 + if ((crypted_pass == NULL)
52 + || (strcmp (crypted_pass, user_pass)))
53 # endif
54 {
55 if(!greet->allow_null_passwd || strlen(p->pw_passwd) > 0) {
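Review bot: the check added at `if ((crypted_pass == NULL)` closes the NULL dereference, but it routes a crypt() error (EINVAL for a malformed salt, EPERM for a DES/MD5 hash on a FIPS-140 system, as the commit message describes) into the same failure block as a wrong password, so a system-wide misconfiguration surfaces only as unexplained login failures. Suggest handling the NULL case separately and logging errno before falling through, so an operator can tell the two apart; the inner parentheses in `|| (strcmp (crypted_pass, user_pass)))` are also redundant and could be dropped to match the style of the `strcmp` line being replaced.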
56 --
57 cgit v0.9.0.2-2-gbebe