Accepting request 621183 from home:mgerstner:branches:security

- Add patch 0003-pam_oath-assign-safe-default-to-alwaysok-config-memb.patch: - fix potential security issue in low memory situation (bsc#1089114) OBS-URL: https://build.opensuse.org/request/show/621183 OBS-URL: https://build.opensuse.org/package/show/security/oath-toolkit?expand=0&rev=21
2018-07-05 20:22:17 +00:00 · 2018-07-05 20:22:17 +00:00 · 027754f831
commit 027754f831
parent de7a2bad18
3 changed files with 40 additions and 0 deletions
--- a/0003-pam_oath-assign-safe-default-to-alwaysok-config-memb.patch
+++ b/0003-pam_oath-assign-safe-default-to-alwaysok-config-memb.patch
@ -0,0 +1,32 @@
+From 70722be5a76d28df8ebbf8a706c6346c57cebb62 Mon Sep 17 00:00:00 2001
+From: Matthias Gerstner <matthias.gerstner@suse.de>
+Date: Thu, 5 Jul 2018 18:39:48 +0200
+Subject: [PATCH] pam_oath: assign safe default to alwaysok config member
+
+The way this was before allowed for the PAM authentication to
+potentially succeed when the first `goto done` line is hit. If the
+undefined data behind alwaysok is non-zero (which is quite probable)
+this would happen.
+
+In theory a local attacker could try to exhaust memory just enough to
+hit this spot and get e.g. root access.
+---
+ pam_oath/pam_oath.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/pam_oath/pam_oath.c b/pam_oath/pam_oath.c
+index 57fd33c..cfc3331 100644
+--- a/pam_oath/pam_oath.c
+++ b/pam_oath/pam_oath.c
+@@ -146,6 +146,8 @@ pam_sm_authenticate (pam_handle_t * pamh,
+   char *query_prompt = NULL;
+   char *onlypasswd = strdup ("");	/* empty passwords never match */
+ 
+  cfg.alwaysok = false; /* make sure this gets a safe default */
+
+   if (!onlypasswd)
+     {
+       retval = PAM_BUF_ERR;
+-- 
+2.16.4
+
--- a/oath-toolkit.changes
+++ b/oath-toolkit.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Jul  5 17:00:51 UTC 2018 - matthias.gerstner@suse.com
+
+- Add patch 0003-pam_oath-assign-safe-default-to-alwaysok-config-memb.patch:
+   - fix potential security issue in low memory situation (bsc#1089114)
+
 -------------------------------------------------------------------
 Sun May 20 21:40:32 UTC 2018 - julio@juliogonzalez.es

--- a/oath-toolkit.spec
+++ b/oath-toolkit.spec
@ -26,6 +26,7 @@ URL:            http://www.nongnu.org/oath-toolkit/
 Source:         http://download.savannah.nongnu.org/releases/%{name}/%{name}-%{version}.tar.gz
 Patch1:         0001-Fix-no-return-in-nonvoid-function-errors-reported-by.patch
 Patch2:         0002-update_gnulibs_files.patch
+Patch3:         0003-pam_oath-assign-safe-default-to-alwaysok-config-memb.patch
 BuildRequires:  bison
 BuildRequires:  gengetopt
 BuildRequires:  libgcrypt-devel
@ -130,6 +131,7 @@ This subpackage contains the headers for this library.
 %setup -q
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1

 %build
 autoreconf -fiv