Accepting request 651302 from Linux-PAM

OBS-URL: https://build.opensuse.org/request/show/651302
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=94
Dominique Leuenberger 2018-12-03 09:02:42 +00:00 committed by Git OBS Bridge
commit b4b1d98b10
3 changed files with 46 additions and 0 deletions

@ -1,3 +1,13 @@
-------------------------------------------------------------------
Thu Nov 15 15:41:08 UTC 2018 - josef.moellers@suse.com
- When comparing an incoming IP address with an entry in
access.conf that only specified a single host (ie no netmask),
the incoming IP address was used rather than the IP address from
access.conf, effectively comparing the incoming address with
itself. (Also fixed a small typo while I was at it)
{bsc#1115640, use-correct-IP-address.patch, CVE-2018-17953]
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Oct 22 07:42:19 UTC 2018 - josef.moellers@suse.com Mon Oct 22 07:42:19 UTC 2018 - josef.moellers@suse.com
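
Review bot: The reference line of the new changelog entry opens with a curly brace and closes with a square bracket ("{bsc#1115640, ... CVE-2018-17953]"), so the brackets do not match; it should open with "[" so that tooling which scans changelog entries for bug and CVE references can pick it up. The entry also says a small typo was fixed without saying that a debug log label was changed as well, which is worth listing since both ride along in the same patch.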

@ -66,6 +66,7 @@ Patch0: fix-man-links.dif
Patch2: pam-limit-nproc.patch Patch2: pam-limit-nproc.patch
Patch3: encryption_method_nis.diff Patch3: encryption_method_nis.diff
Patch4: pam-hostnames-in-access_conf.patch Patch4: pam-hostnames-in-access_conf.patch
Patch5: use-correct-IP-address.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: libdb-4_8-devel BuildRequires: libdb-4_8-devel
# Remove with next version update: # Remove with next version update:
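
Review bot: The new "Patch5: use-correct-IP-address.patch" line carries no comment, so nothing in the spec file marks it as a security fix. A one-line comment above it naming bsc#1115640 and CVE-2018-17953 would let a later version update decide whether the patch can be dropped without going back to the changelog.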
@ -118,6 +119,7 @@ building both PAM-aware applications and modules for use with PAM.
%patch2 -p1 %patch2 -p1
%patch3 -p0 %patch3 -p0
%patch4 -p0 %patch4 -p0
%patch5 -p1
%build %build
autoreconf -fiv autoreconf -fiv

@ -0,0 +1,34 @@
Index: Linux-PAM-1.3.1/modules/pam_access/pam_access.c
===================================================================
--- Linux-PAM-1.3.1.orig/modules/pam_access/pam_access.c
+++ Linux-PAM-1.3.1/modules/pam_access/pam_access.c
@@ -716,7 +716,7 @@ network_netmask_match (pam_handle_t *pam
if (item->debug)
pam_syslog (pamh, LOG_DEBUG,
- "network_netmask_match: tok=%s, item=%s", tok, string);
+ "network_netmask_match: tok=%s, string=%s", tok, string);
/* OK, check if tok is of type addr/mask */
if ((netmask_ptr = strchr(tok, '/')) != NULL)
@@ -734,7 +734,7 @@ network_netmask_match (pam_handle_t *pam
/* check netmask */
if (isipaddr(netmask_ptr, NULL, NULL) == NO)
- { /* netmask as integre value */
+ { /* netmask as integer value */
char *endptr = NULL;
netmask = strtol(netmask_ptr, &endptr, 0);
if ((endptr == netmask_ptr) || (*endptr != '\0'))
@@ -778,9 +778,9 @@ network_netmask_match (pam_handle_t *pam
ai = NULL; /* just to be on the safe side */
- if (getaddrinfo (string, NULL, &hint, &ai) != 0)
+ if (getaddrinfo (tok, NULL, &hint, &ai) != 0)
{
- pam_syslog(pamh, LOG_ERR, "cannot resolve hostname \"%s\"", string);
+ pam_syslog(pamh, LOG_ERR, "cannot resolve hostname \"%s\"", tok);
return NO;
}
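
Review bot: The security-relevant change is confined to the last hunk, where getaddrinfo() and the error message switch from string to tok, yet the same patch also carries the "item=" to "string=" log label change and the "integre" comment typo fix. Consider splitting the cosmetic edits out so the CVE-2018-17953 fix is a minimal change that is easy to audit and backport. The commit changes three files and none of them adds a check, so a regression test with a single-host access.conf entry (no netmask) and a non-matching incoming address would guard against this comparison being reversed again. The failure path still ends in "return NO;", so an unresolvable entry denies the match, which is the right default to keep.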