Accepting request 419768 from home:guohouzuo:branches:Base:System
- Add patch 0004-overflow-processing-long-words.patch to fix a new buffer overflow identified together with bsc#992966. - Relabel patches: cracklib-magic.diff -> 0001-cracklib-magic.diff cracklib-2.9.2-visibility.patch -> 0002-cracklib-2.9.2-visibility.patch - Add patch 0003-overflow-processing-gecos.patch to fix a buffer overflow in GECOS parser (bsc#992966 CVE-2016-6318) OBS-URL: https://build.opensuse.org/request/show/419768 OBS-URL: https://build.opensuse.org/package/show/Base:System/cracklib?expand=0&rev=44
This commit is contained in:
parent
857c58c0dd
commit
d3c3dc0115
88
0003-overflow-processing-gecos.patch
Normal file
88
0003-overflow-processing-gecos.patch
Normal file
@ -0,0 +1,88 @@
|
||||
(2016-08-10) The patch authored by Raed Albuliwi addresses a buffer overflow in the parser
|
||||
of GECOS field of user account information. CVE-2016-6318 has been assigned to
|
||||
the issue.
|
||||
|
||||
diff -rupN cracklib-2.9.5/lib/fascist.c cracklib-2.9.5-patched/lib/fascist.c
|
||||
--- cracklib-2.9.5/lib/fascist.c 2015-04-11 19:18:12.000000000 +0200
|
||||
+++ cracklib-2.9.5-patched/lib/fascist.c 2016-08-16 11:08:59.635876877 +0200
|
||||
@@ -502,7 +502,7 @@ FascistGecosUser(char *password, const c
|
||||
char gbuffer[STRINGSIZE];
|
||||
char tbuffer[STRINGSIZE];
|
||||
char *uwords[STRINGSIZE];
|
||||
- char longbuffer[STRINGSIZE * 2];
|
||||
+ char longbuffer[STRINGSIZE];
|
||||
|
||||
if (gecos == NULL)
|
||||
gecos = "";
|
||||
@@ -583,38 +583,46 @@ FascistGecosUser(char *password, const c
|
||||
{
|
||||
for (i = 0; i < j; i++)
|
||||
{
|
||||
- strcpy(longbuffer, uwords[i]);
|
||||
- strcat(longbuffer, uwords[j]);
|
||||
-
|
||||
- if (GTry(longbuffer, password))
|
||||
+ if (strlen(uwords[i]) + strlen(uwords[j]) < STRINGSIZE)
|
||||
{
|
||||
- return _("it is derived from your password entry");
|
||||
+ strcpy(longbuffer, uwords[i]);
|
||||
+ strcat(longbuffer, uwords[j]);
|
||||
+ if (GTry(longbuffer, password))
|
||||
+ {
|
||||
+ return _("it is derived from your password entry");
|
||||
+ }
|
||||
+
|
||||
+ strcpy(longbuffer, uwords[j]);
|
||||
+ strcat(longbuffer, uwords[i]);
|
||||
+
|
||||
+ if (GTry(longbuffer, password))
|
||||
+ {
|
||||
+ return _("it's derived from your password entry");
|
||||
+ }
|
||||
}
|
||||
|
||||
- strcpy(longbuffer, uwords[j]);
|
||||
- strcat(longbuffer, uwords[i]);
|
||||
-
|
||||
- if (GTry(longbuffer, password))
|
||||
+ if (strlen(uwords[j]) < STRINGSIZE - 1)
|
||||
{
|
||||
- return _("it's derived from your password entry");
|
||||
+ longbuffer[0] = uwords[i][0];
|
||||
+ longbuffer[1] = '\0';
|
||||
+ strcat(longbuffer, uwords[j]);
|
||||
+
|
||||
+ if (GTry(longbuffer, password))
|
||||
+ {
|
||||
+ return _("it is derivable from your password entry");
|
||||
+ }
|
||||
}
|
||||
|
||||
- longbuffer[0] = uwords[i][0];
|
||||
- longbuffer[1] = '\0';
|
||||
- strcat(longbuffer, uwords[j]);
|
||||
-
|
||||
- if (GTry(longbuffer, password))
|
||||
- {
|
||||
- return _("it is derivable from your password entry");
|
||||
- }
|
||||
-
|
||||
- longbuffer[0] = uwords[j][0];
|
||||
- longbuffer[1] = '\0';
|
||||
- strcat(longbuffer, uwords[i]);
|
||||
-
|
||||
- if (GTry(longbuffer, password))
|
||||
+ if (strlen(uwords[i]) < STRINGSIZE - 1)
|
||||
{
|
||||
- return _("it's derivable from your password entry");
|
||||
+ longbuffer[0] = uwords[j][0];
|
||||
+ longbuffer[1] = '\0';
|
||||
+ strcat(longbuffer, uwords[i]);
|
||||
+
|
||||
+ if (GTry(longbuffer, password))
|
||||
+ {
|
||||
+ return _("it's derivable from your password entry");
|
||||
+ }
|
||||
}
|
||||
}
|
||||
}
|
21
0004-overflow-processing-long-words.patch
Normal file
21
0004-overflow-processing-long-words.patch
Normal file
@ -0,0 +1,21 @@
|
||||
The input word is guaranteed to be at most STRINGSIZE-1 in length. One of the
|
||||
mangle operations involves duplicating the input word, resulting in a string
|
||||
twice the length to be accommodated by both area variables.
|
||||
|
||||
Howard Guo <hguo@suse.com> 2016-08-17
|
||||
|
||||
diff -rupN 3/lib/rules.c 3-patched/lib/rules.c
|
||||
--- 3/lib/rules.c 2016-08-16 14:16:24.033261876 +0200
|
||||
+++ 3-patched/lib/rules.c 2016-08-17 13:57:14.485782894 +0200
|
||||
@@ -434,9 +434,8 @@ Mangle(input, control) /* returns a poi
|
||||
{
|
||||
int limit;
|
||||
register char *ptr;
|
||||
- static char area[STRINGSIZE];
|
||||
- char area2[STRINGSIZE];
|
||||
- area[0] = '\0';
|
||||
+ static char area[STRINGSIZE * 2] = {0};
|
||||
+ char area2[STRINGSIZE * 2] = {0};
|
||||
strcpy(area, input);
|
||||
|
||||
for (ptr = control; *ptr; ptr++)
|
@ -1,3 +1,18 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Aug 17 12:32:43 UTC 2016 - hguo@suse.com
|
||||
|
||||
- Add patch 0004-overflow-processing-long-words.patch
|
||||
to fix a new buffer overflow identified together with bsc#992966.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Aug 15 12:01:52 UTC 2016 - hguo@suse.com
|
||||
|
||||
- Relabel patches:
|
||||
cracklib-magic.diff -> 0001-cracklib-magic.diff
|
||||
cracklib-2.9.2-visibility.patch -> 0002-cracklib-2.9.2-visibility.patch
|
||||
- Add patch 0003-overflow-processing-gecos.patch
|
||||
to fix a buffer overflow in GECOS parser (bsc#992966 CVE-2016-6318)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Aug 18 13:00:24 UTC 2015 - mpluskal@suse.com
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package cracklib
|
||||
#
|
||||
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -27,9 +27,11 @@ Source: http://prdownloads.sourceforge.net/cracklib/cracklib-%{version}.
|
||||
Source2: baselibs.conf
|
||||
# PATCH-FIX-OPENSUSE (should be upstreamed)
|
||||
# Remove support for broken 64bit indexes from magic entry [bnc#106007]
|
||||
Patch0: cracklib-magic.diff
|
||||
Patch1: 0001-cracklib-magic.diff
|
||||
# PATCH-FIX-OPENSUSE Hide non-public functions
|
||||
Patch1: cracklib-2.9.2-visibility.patch
|
||||
Patch2: 0002-cracklib-2.9.2-visibility.patch
|
||||
Patch3: 0003-overflow-processing-gecos.patch
|
||||
Patch4: 0004-overflow-processing-long-words.patch
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
BuildRequires: gzip
|
||||
@ -85,8 +87,10 @@ This package contains a small dictionay file used by cracklib.
|
||||
%prep
|
||||
%setup -q
|
||||
translation-update-upstream
|
||||
%patch0
|
||||
%patch1
|
||||
%patch2
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
|
||||
%build
|
||||
AUTOPOINT=true autoreconf -fi
|
||||
|
Loading…
Reference in New Issue
Block a user