diff --git a/thttpd-2.25b-CVE-2012-5640-check_crypt_return_value.patch b/thttpd-2.25b-CVE-2012-5640-check_crypt_return_value.patch new file mode 100644 index 0000000..8fdee70 --- /dev/null +++ b/thttpd-2.25b-CVE-2012-5640-check_crypt_return_value.patch @@ -0,0 +1,52 @@ +Index: thttpd-2.25b/libhttpd.c +=================================================================== +--- thttpd-2.25b.orig/libhttpd.c 2013-03-04 18:01:55.209721739 +0100 ++++ thttpd-2.25b/libhttpd.c 2013-03-04 18:01:55.244722735 +0100 +@@ -1024,6 +1024,7 @@ auth_check2( httpd_conn* hc, char* dirna + static size_t maxprevuser = 0; + static char* prevcryp; + static size_t maxprevcryp = 0; ++ char *crypt_result; + + /* Construct auth filename. */ + httpd_realloc_str( +@@ -1072,7 +1073,10 @@ auth_check2( httpd_conn* hc, char* dirna + strcmp( authinfo, prevuser ) == 0 ) + { + /* Yes. Check against the cached encrypted password. */ +- if ( strcmp( crypt( authpass, prevcryp ), prevcryp ) == 0 ) ++ crypt_result = crypt( authpass, prevcryp ); ++ if ( ! crypt_result ) ++ return -1; ++ if ( strcmp( crypt_result, prevcryp ) == 0 ) + { + /* Ok! */ + httpd_realloc_str( +@@ -1121,7 +1125,10 @@ auth_check2( httpd_conn* hc, char* dirna + /* Yes. */ + (void) fclose( fp ); + /* So is the password right? */ +- if ( strcmp( crypt( authpass, cryp ), cryp ) == 0 ) ++ crypt_result = crypt( authpass, cryp ); ++ if ( ! crypt_result ) ++ return -1; ++ if ( strcmp( crypt_result, cryp ) == 0 ) + { + /* Ok! */ + httpd_realloc_str( +Index: thttpd-2.25b/extras/htpasswd.c +=================================================================== +--- thttpd-2.25b.orig/extras/htpasswd.c 2013-03-04 18:01:55.226722223 +0100 ++++ thttpd-2.25b/extras/htpasswd.c 2013-03-04 18:02:15.755306445 +0100 +@@ -133,7 +133,10 @@ add_password( char* user, FILE* f ) + (void) srandom( (int) time( (time_t*) 0 ) ); + to64( &salt[0], random(), 2 ); + cpw = crypt( pw, salt ); +- (void) fprintf( f, "%s:%s\n", user, cpw ); ++ if (cpw) ++ (void) fprintf( f, "%s:%s\n", user, cpw ); ++ else ++ (void) fprintf( stderr, "crypt() returned NULL, sorry\n" ); + } + + static void usage(void) { diff --git a/thttpd.changes b/thttpd.changes index b0d0f3c..7e9a2e3 100644 --- a/thttpd.changes +++ b/thttpd.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Mar 4 16:04:08 UTC 2013 - vcizek@suse.com + +- added checks for crypt() return value (CVE-2012-5640) (bnc#783165) + * thttpd-2.25b-CVE-2012-5640-check_crypt_return_value.patch + ------------------------------------------------------------------- Wed Oct 24 21:20:29 UTC 2012 - suse@ammler.ch diff --git a/thttpd.spec b/thttpd.spec index 1b49f03..63d1306 100644 --- a/thttpd.spec +++ b/thttpd.spec @@ -1,7 +1,7 @@ # # spec file for package thttpd # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -36,6 +36,8 @@ Patch9: %{name}-%{version}-chown.diff Patch10: %{name}-%{version}-zerolen.patch Patch11: %{name}-%{version}-strcpy.patch Patch12: thttpd-2.25b-getline.patch +# PATCH-FIX-SUSE CVE-2012-5640 +Patch13: thttpd-2.25b-CVE-2012-5640-check_crypt_return_value.patch Url: http://www.acme.com/software/thttpd/ BuildRoot: %{_tmppath}/%{name}-%{version}-build Summary: Small and very simple webserver @@ -75,6 +77,7 @@ Authors: %patch10 %patch11 %patch12 +%patch13 -p1 %build cp /usr/share/automake-1.*/config.* .