SOURCES: pam-unix-nullcheck.patch (NEW) - check for NULL pointers ...
baggins
baggins at pld-linux.org
Mon Feb 5 00:19:49 CET 2007
Author: baggins Date: Sun Feb 4 23:19:49 2007 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- check for NULL pointers in pam_unix password checking routines
---- Files affected:
SOURCES:
pam-unix-nullcheck.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: SOURCES/pam-unix-nullcheck.patch
diff -u /dev/null SOURCES/pam-unix-nullcheck.patch:1.1
--- /dev/null Mon Feb 5 00:19:49 2007
+++ SOURCES/pam-unix-nullcheck.patch Mon Feb 5 00:19:44 2007
@@ -0,0 +1,64 @@
+diff -urN Linux-PAM-0.99.7.1.orig/modules/pam_unix/support.c Linux-PAM-0.99.7.1/modules/pam_unix/support.c
+--- Linux-PAM-0.99.7.1.orig/modules/pam_unix/support.c 2007-01-23 10:41:21.000000000 +0100
++++ Linux-PAM-0.99.7.1/modules/pam_unix/support.c 2007-02-04 20:00:16.992352631 +0100
+@@ -694,13 +695,13 @@
+ } else {
+ if (!strncmp(salt, "$1$", 3)) {
+ pp = Goodcrypt_md5(p, salt);
+- if (strcmp(pp, salt) != 0) {
++ if (pp && strcmp(pp, salt) != 0) {
+ _pam_delete(pp);
+ pp = Brokencrypt_md5(p, salt);
+ }
+ } else if (*salt != '$' && salt_len >= 13) {
+ pp = bigcrypt(p, salt);
+- if (strlen(pp) > salt_len) {
++ if (pp && strlen(pp) > salt_len) {
+ pp[salt_len] = '\0';
+ }
+ } else {
+@@ -715,7 +718,7 @@
+ /* the moment of truth -- do we agree with the password? */
+ D(("comparing state of pp[%s] and salt[%s]", pp, salt));
+
+- if (strcmp(pp, salt) == 0) {
++ if (pp && strcmp(pp, salt) == 0) {
+ retval = PAM_SUCCESS;
+ } else {
+ retval = PAM_AUTH_ERR;
+diff -urN Linux-PAM-0.99.7.1.orig/modules/pam_unix/unix_chkpwd.c Linux-PAM-0.99.7.1/modules/pam_unix/unix_chkpwd.c
+--- Linux-PAM-0.99.7.1.orig/modules/pam_unix/unix_chkpwd.c 2006-10-24 12:01:49.000000000 +0200
++++ Linux-PAM-0.99.7.1/modules/pam_unix/unix_chkpwd.c 2007-02-04 19:53:39.269687706 +0100
+@@ -196,20 +197,20 @@
+ retval = PAM_AUTH_ERR;
+ if (!strncmp(salt, "$1$", 3)) {
+ pp = Goodcrypt_md5(p, salt);
+- if (strcmp(pp, salt) == 0) {
++ if (pp && strcmp(pp, salt) == 0) {
+ retval = PAM_SUCCESS;
+ } else {
+ pp = Brokencrypt_md5(p, salt);
+- if (strcmp(pp, salt) == 0)
++ if (pp && strcmp(pp, salt) == 0)
+ retval = PAM_SUCCESS;
+ }
+ } else if (*salt == '$') {
+ /*
+ * Ok, we don't know the crypt algorithm, but maybe
+ * libcrypt nows about it? We should try it.
+ */
+ pp = x_strdup (crypt(p, salt));
+- if (strcmp(pp, salt) == 0) {
++ if (pp && strcmp(pp, salt) == 0) {
+ retval = PAM_SUCCESS;
+ }
+ } else if ((*salt == '*') || (salt_len < 13)) {
+@@ -225,7 +230,7 @@
+ * stored string with the subset of bigcrypt's result.
+ * Bug 521314: the strncmp comparison is for legacy support.
+ */
+- if (strncmp(pp, salt, salt_len) == 0) {
++ if (pp && strncmp(pp, salt, salt_len) == 0) {
+ retval = PAM_SUCCESS;
+ }
+ }
================================================================
More information about the pld-cvs-commit
mailing list