rpm/pam
SHA256
1
0
Fork 0
forked from pool/pam
Code Pull Requests Activity
pam/bug-724480_pam_env-fix-overflow.patch

30 lines
917 B
Diff
Raw Normal View History

- pam_tally2: remove invalid options from manpage (bnc#726071) - fix possible overflow and DOS in pam_env (bnc#724480) CVE-2011-3148, CVE-2011-3149 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=83
2011-10-25 12:29:41 +00:00
Description: correctly count leading whitespace when parsing environment
file (CVE-2011-3148).
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874469
Author: Kees Cook <kees@debian.org>
Index: Linux-PAM-1.1.4/modules/pam_env/pam_env.c
===================================================================
--- Linux-PAM-1.1.4.orig/modules/pam_env/pam_env.c
+++ Linux-PAM-1.1.4/modules/pam_env/pam_env.c
@@ -290,6 +290,7 @@ static int _assemble_line(FILE *f, char
char *p = buffer;
char *s, *os;
int used = 0;
+ int whitespace;
/* loop broken with a 'break' when a non-'\\n' ended line is read */
@@ -312,8 +313,10 @@ static int _assemble_line(FILE *f, char
/* skip leading spaces --- line may be blank */
- s = p + strspn(p, " \n\t");
+ whitespace = strspn(p, " \n\t");
+ s = p + whitespace;
if (*s && (*s != '#')) {
+ used += whitespace;
os = s;
/*
Copy Permalink