slurm/pam_slurm_adopt-send_user_msg-don-t-copy-undefined-d.patch
Christian Goll 9eefc8e774 Accepting request 657422 from home:mslacken:slurm18
- restarting services on update only when activated 
- added rotation of logs
- Added backported patches which harden the pam module pam_slurm_adopt
  (BOO#1116758) which will be in slurm 19.05.x
  * added pam_slurm_adopt-avoid-running-outside-of-the-sshd-PA.patch
    [PATCH 1/3] pam_slurm_adopt: avoid running outside of the sshd PAM
  * added pam_slurm_adopt-send_user_msg-don-t-copy-undefined-d.patch
    [PATCH 2/3] pam_slurm_adopt: send_user_msg: don't copy undefined data
  * added pam_slurm_adopt-use-uid-to-determine-whether-root-is.patch
    [PATCH 3/3] pam_slurm_adopt: use uid to determine whether root is
    logging on
- package slurm-pam_slurm now depends on slurm-node and not on slurm

OBS-URL: https://build.opensuse.org/request/show/657422
OBS-URL: https://build.opensuse.org/package/show/network:cluster/slurm?expand=0&rev=79
2018-12-12 09:28:26 +00:00

From 33d78f2db60d3a86c38512f0502df559782cbdf6 Mon Sep 17 00:00:00 2001
From: Matthias Gerstner <matthias.gerstner@suse.de>
Date: Wed, 5 Dec 2018 14:08:07 +0100
Subject: [PATCH 2/3] pam_slurm_adopt: send_user_msg: don't copy undefined data
into message
Using memcpy, an amount of undefined data from the stack will be copied
into the target buffer. While pam_conv probably doesn't evaluate the
extra data it is still unclean to do that. It could lead up to an
information leak somewhen.
Signed-off-by: Christian Goll <cgoll@suse.de>
---
contribs/pam_slurm_adopt/helper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/contribs/pam_slurm_adopt/helper.c b/contribs/pam_slurm_adopt/helper.c
index 9c3e202a87..1bac0a0fcf 100644
--- a/contribs/pam_slurm_adopt/helper.c
+++ b/contribs/pam_slurm_adopt/helper.c
@@ -128,7 +128,7 @@ send_user_msg(pam_handle_t *pamh, const char *mesg)
/* Construct msg to send to app.
*/
- memcpy(str, mesg, sizeof(str));
+ strncpy(str, mesg, sizeof(str));
msg[0].msg_style = PAM_ERROR_MSG;
msg[0].msg = str;
pmsg[0] = &msg[0];
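Review bot: On the added line `strncpy(str, mesg, sizeof(str));`, str is left without a terminating NUL whenever mesg is sizeof(str) bytes or longer, and the following context lines pass it on as a C string through `msg[0].msg = str;`. Unless the termination happens in code outside this hunk, add `str[sizeof(str) - 1] = '\0';` after the copy, or use `snprintf(str, sizeof(str), "%s", mesg);`, which truncates and terminates in one call. For shorter messages strncpy stops at the end of mesg and zero-fills the rest of str, so the fixed-length read that the removed memcpy performed past the end of mesg is gone.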
--
2.16.4